General
- Target: 10c5ed43487edee78c2ab4c26863c584880f353faa8855f2b8ca825c722276a3
- Size: 908KB
- Sample: 230321-v5d7yaec2x
- MD5: 6fda8cdf56b9054f23c0633064897024
- SHA1: 13d3a127c139f29a97cf221bde51eaeebe75e55c
- SHA256: 10c5ed43487edee78c2ab4c26863c584880f353faa8855f2b8ca825c722276a3
- SHA512: 261d01b8fe9774e192bbab8db97607a3d426f44c86f479d54d6ee933ec35c103c03405eaa4e889369b6f83cf519c33938d8b26463636858e5b2ed33164c81b37
- SSDEEP: 24576:Oydrl5H9ucAP7xa7GiLAlEuMV5zTCEuXAD0aUWh9:dn/XAP7gnxDvCEuQXh
- Static task: static1
- Behavioral task: behavioral1
- Sample: 10c5ed43487edee78c2ab4c26863c584880f353faa8855f2b8ca825c722276a3.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted
- redline
- gena
- 193.233.20.30:4125
- auth_value: 93c20961cb6b06b2d5781c212db6201e
Extracted
- redline
- relon
- 193.233.20.30:4125
- auth_value: 17da69809725577b595e217ba006b869
Targets
- Target: 10c5ed43487edee78c2ab4c26863c584880f353faa8855f2b8ca825c722276a3
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.