General
Target: cc5b100ce5e368b2a88665351a8153853a9a72acc40408c31cd81a862876d618
Size: 906KB
Sample: 230321-v6qmcscc49
MD5: 66c66f31af03626c800414969a583ee6
SHA1: f5c8937d2af6a31470aeb884cf5d21fc3a06ad56
SHA256: cc5b100ce5e368b2a88665351a8153853a9a72acc40408c31cd81a862876d618
SHA512: c4bf3cfe86431ff8458a259342ff30c172ba5f1a2eac599020c805fb1c2f9caccbd316bc7647ac2b6739e686cdd2c02e4afc882e23131fa53289d02df942cfab
SSDEEP: 24576:Hy2laiwg3MoJR1GrpF5gl3uYzP+aH5V8g:SkHs/ileYiaH5V8
Static task: static1
Behavioral task: behavioral1
Sample: cc5b100ce5e368b2a88665351a8153853a9a72acc40408c31cd81a862876d618.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
  gena
  193.233.20.30:4125
  auth_value: 93c20961cb6b06b2d5781c212db6201e
Extracted: redline
  relon
  193.233.20.30:4125
  auth_value: 17da69809725577b595e217ba006b869
Targets
Target: cc5b100ce5e368b2a88665351a8153853a9a72acc40408c31cd81a862876d618 (906KB; hashes as listed under General)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.