General
Target: 38dae85e6bfbc5726854c200496faa2fc98eb0d1d4491d3a4cc351dc25b59a8a
Size: 876KB
Sample: 230321-vkl22sca99
MD5: 2fa64cf5be2c953e19bdae1bba5f6368
SHA1: 54878be2d6509e1f03e53808cd34614dd0ebd5d4
SHA256: 38dae85e6bfbc5726854c200496faa2fc98eb0d1d4491d3a4cc351dc25b59a8a
SHA512: a9a2b3cd105798fbccd45c96d2b060b62ca3c0e40a70cf2eb0a70247b24bb9b4842134bd539dfe2f30dd0711ba0e364ad9b02bf772665f46636fbbe919e76ddb
SSDEEP: 12288:7Mrmy90y2K3Ldj4DFtyTyYME8JyMjp85yDgNAQRFBCRNbTREqZ5kvWMI9TRA:xyx2K3LyDWuyq8kgAQnB4BFEq5ugTRA
Static task: static1
Behavioral task: behavioral1
Sample: 38dae85e6bfbc5726854c200496faa2fc98eb0d1d4491d3a4cc351dc25b59a8a.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted
- Family: redline
- Botnet: gena
- C2: 193.233.20.30:4125
- auth_value: 93c20961cb6b06b2d5781c212db6201e
Extracted
- Family: redline
- Botnet: relon
- C2: 193.233.20.30:4125
- auth_value: 17da69809725577b595e217ba006b869
Targets
Target: 38dae85e6bfbc5726854c200496faa2fc98eb0d1d4491d3a4cc351dc25b59a8a
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.