General
- Target: 4b015ed340119bd2fd8fd88fac7abf73fb11adea1fac9da1bc0147a69242b802
- Size: 851KB
- Sample: 230319-dj99taef48
- MD5: fd94f7aea9540766c8a3e5fec2ab7639
- SHA1: a4524f3e64423a60edbdb6160d287dc0f90a9895
- SHA256: 4b015ed340119bd2fd8fd88fac7abf73fb11adea1fac9da1bc0147a69242b802
- SHA512: a5156c9051b1777d40d2020d81adc21ee400422d779b97cfe801d2b0a652f568219f421bdb047ab4ef3d901cfab4b31c4b0fcdcf7ae930c7cb5ae7cbf3672525
- SSDEEP: 24576:Xy/VH62HZ2cXn7L3Yv/niDknjD1+X4f9Y:id6SUcX7bc/nisXkm
Static task: static1
Behavioral task: behavioral1
- Sample: 4b015ed340119bd2fd8fd88fac7abf73fb11adea1fac9da1bc0147a69242b802.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted
- Family: redline
- Botnet: gena
- C2: 193.233.20.30:4125
- auth_value: 93c20961cb6b06b2d5781c212db6201e
Extracted
- Family: redline
- Botnet: ruka
- C2: 193.233.20.28:4125
- auth_value: 5d1d0e51ebe1e3f16cca573ff651c43c
Targets
- Target: 4b015ed340119bd2fd8fd88fac7abf73fb11adea1fac9da1bc0147a69242b802
- Size: 851KB
- MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General above
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.