General
- Target: f56a5c96b126d773a624f88dc358a849d94c1ca9d0cd5d510066ffa94db7c3f9
- Size: 779KB
- Sample: 230321-18gecsfd5w
- MD5: fad727b9bae59a7c5b992c9bd95a02f3
- SHA1: 2f65747ae447914d7b3c3484f15b54b441b43d40
- SHA256: f56a5c96b126d773a624f88dc358a849d94c1ca9d0cd5d510066ffa94db7c3f9
- SHA512: bc6b5930f5fc6a40564faf074146a0f6c66e541d48c161c742229ec3fd6c60040684fcdf9ccae76e87899936f594c04e7279899490247aeb5b682b9b92f62e87
- SSDEEP: 12288:YMrly90soywUdh8KzNvgrvpPxyZk35SfZD9b3TJ0Ra8/qGPNGyZwM6L/jPq:dybo97KREvpPxJSFVTqg8/qQmM6Lri
Static task: static1
Behavioral task: behavioral1
- Sample: f56a5c96b126d773a624f88dc358a849d94c1ca9d0cd5d510066ffa94db7c3f9.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: f56a5c96b126d773a624f88dc358a849d94c1ca9d0cd5d510066ffa94db7c3f9.exe
- Resource: win10-20230220-en
Malware Config
Extracted: redline (gena)
- 193.233.20.30:4125
- auth_value: 93c20961cb6b06b2d5781c212db6201e
Extracted: redline (relon)
- 193.233.20.30:4125
- auth_value: 17da69809725577b595e217ba006b869
Targets
- Target: f56a5c96b126d773a624f88dc358a849d94c1ca9d0cd5d510066ffa94db7c3f9 (779KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.