General
-
Target
2c0b0335d6fa2eb67bcf09281d2253e85876903ebefd9362fa54eaec9dc77a56
-
Size
851KB
-
Sample
230319-dwezfagg2w
-
MD5
da487c12050dc8e44f1c3ed7b1f6ab1b
-
SHA1
38a99e48fa7f34b72bf0bd50e2b6aa4aae2d214a
-
SHA256
2c0b0335d6fa2eb67bcf09281d2253e85876903ebefd9362fa54eaec9dc77a56
-
SHA512
e10ba99bd87a182f227aa5fe9d9171f9780c59b41de0a3d23ea60c3e310e71eb4ec9e435ee41e2244e8b35733477aa4dc2857ebccb035555560c5035e7abe552
-
SSDEEP
12288:cMr0y90o+cbvf4PA4mYPSepHbn/bcVn/qXl6MimMu2B1Ki+S/FBRttWc1:Qy4wv743xpT/56svihB1
Static task
static1
Behavioral task
behavioral1
Sample
2c0b0335d6fa2eb67bcf09281d2253e85876903ebefd9362fa54eaec9dc77a56.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
gena
193.233.20.30:4125
-
auth_value
93c20961cb6b06b2d5781c212db6201e
Extracted
redline
ruka
193.233.20.28:4125
-
auth_value
5d1d0e51ebe1e3f16cca573ff651c43c
Targets
-
-
Target
2c0b0335d6fa2eb67bcf09281d2253e85876903ebefd9362fa54eaec9dc77a56
-
Size
851KB
-
MD5
da487c12050dc8e44f1c3ed7b1f6ab1b
-
SHA1
38a99e48fa7f34b72bf0bd50e2b6aa4aae2d214a
-
SHA256
2c0b0335d6fa2eb67bcf09281d2253e85876903ebefd9362fa54eaec9dc77a56
-
SHA512
e10ba99bd87a182f227aa5fe9d9171f9780c59b41de0a3d23ea60c3e310e71eb4ec9e435ee41e2244e8b35733477aa4dc2857ebccb035555560c5035e7abe552
-
SSDEEP
12288:cMr0y90o+cbvf4PA4mYPSepHbn/bcVn/qXl6MimMu2B1Ki+S/FBRttWc1:Qy4wv743xpT/56svihB1
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-