General
-
Target
b571fdc0089a447d1aa11154bf461459ae6eedc01b1233bfd3b92e79b3b6794d
-
Size
907KB
-
Sample
230321-vp5d7acb33
-
MD5
7310ed0760c044221359c8325c2c42bc
-
SHA1
bb8ae9ee46537f991367c210efdee8576328b134
-
SHA256
b571fdc0089a447d1aa11154bf461459ae6eedc01b1233bfd3b92e79b3b6794d
-
SHA512
cd8b0bfc8d5ecda0199366de6e7e79b721df71185534c1cf3faa3eb822fa5d0b3fd7c5d7a38cb27712e02632d68814c8dbd064bd90b2230220eae51adadc4ba1
-
SSDEEP
12288:vMrNy90XlNR406SAqp0hC3uuy1KbcWv4K5/5RBTWi9j8VzWpzd7so5doyMoz:GyT06Jqp73uuPdv4Kl5rWNzwzd7sJoz
Static task
static1
Behavioral task
behavioral1
Sample
b571fdc0089a447d1aa11154bf461459ae6eedc01b1233bfd3b92e79b3b6794d.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
gena
193.233.20.30:4125
-
auth_value
93c20961cb6b06b2d5781c212db6201e
Extracted
redline
relon
193.233.20.30:4125
-
auth_value
17da69809725577b595e217ba006b869
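The static digests and the two extracted RedLine configs above are the parts of this report a responder actually reuses: the digests to confirm a file pulled from a host is the same sample the sandbox ran, and the C2 endpoint (shared by both the "gena" and "relon" configs) to sweep network logs. The following is an added Python example, not output of the sandbox and not RedLine code; it copies the report's values verbatim, but the whitespace-separated connection-log format, the field names and the sample log lines are constructed for illustration.

```python
"""Turn the report's static fields and extracted RedLine config into checks a
responder can run: verify a sample against the reported digests and sweep a
connection log for the extracted C2.  Added example; standard library only."""
import hashlib
import re

# Digests copied from the report above.
REPORT_DIGESTS = {
    "md5": "7310ed0760c044221359c8325c2c42bc",
    "sha1": "bb8ae9ee46537f991367c210efdee8576328b134",
    "sha256": "b571fdc0089a447d1aa11154bf461459ae6eedc01b1233bfd3b92e79b3b6794d",
    "sha512": "cd8b0bfc8d5ecda0199366de6e7e79b721df71185534c1cf3faa3eb822fa5d0b3"
              "fd7c5d7a38cb27712e02632d68814c8dbd064bd90b2230220eae51adadc4ba1",
}

# The two RedLine configs the sandbox extracted (botnet tag, C2, auth token).
REDLINE_CONFIGS = [
    {"family": "redline", "botnet": "gena", "c2": "193.233.20.30:4125",
     "auth_value": "93c20961cb6b06b2d5781c212db6201e"},
    {"family": "redline", "botnet": "relon", "c2": "193.233.20.30:4125",
     "auth_value": "17da69809725577b595e217ba006b869"},
]


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_DIGESTS}


def matches_report(data: bytes) -> dict:
    """Per-digest comparison so a single mismatch (e.g. a re-packed variant) is
    visible; require all four True before treating the file as this sample."""
    actual = hash_bytes(data)
    return {name: actual[name] == expected.lower()
            for name, expected in REPORT_DIGESTS.items()}


def c2_endpoints(configs) -> set:
    """Collapse extracted configs to a set of (ip, port); both configs here share one C2."""
    out = set()
    for cfg in configs:
        host, port = cfg["c2"].rsplit(":", 1)
        out.add((host, int(port)))
    return out


# Assumed (constructed) log line layout: "timestamp src dst dport proto".
CONN_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<dport>\d+)\s+(?P<proto>\S+)$")


def find_c2_connections(log_lines, configs=REDLINE_CONFIGS) -> list:
    """Return every TCP connection to an extracted C2 endpoint.
    Lines that do not parse are skipped rather than silently matched."""
    wanted = c2_endpoints(configs)
    hits = []
    for line in log_lines:
        m = CONN_RE.match(line.strip())
        if not m:
            continue
        if (m["dst"], int(m["dport"])) in wanted and m["proto"].lower() == "tcp":
            hits.append({"ts": m["ts"], "src": m["src"],
                         "dst": m["dst"], "dport": int(m["dport"])})
    return hits


# Constructed sample lines (not from the report) to exercise the matcher: two
# real hits, one benign HTTPS flow, one same-IP/wrong-port UDP flow, one junk line.
SAMPLE_LOG = [
    "2023-03-21T09:12:01Z 10.0.5.17 193.233.20.30 4125 tcp",
    "2023-03-21T09:12:03Z 10.0.5.17 142.250.74.46 443 tcp",
    "2023-03-21T09:12:07Z 10.0.5.22 193.233.20.30 53 udp",
    "garbage line that should be ignored",
    "2023-03-21T09:13:40Z 10.0.5.40 193.233.20.30 4125 tcp",
]

if __name__ == "__main__":
    for hit in find_c2_connections(SAMPLE_LOG):
        print("RedLine C2 hit:", hit)
```

Match on the full (ip, port) pair rather than the IP alone: the same host may serve other botnet tags on other ports, and the port is what ties a flow to these two configs. The `auth_value` strings are kept in the config for correlation with decoded traffic or memory dumps but are not used as a network indicator here, since they travel inside the C2 session rather than in a header you can grep for.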
Targets
-
Target
b571fdc0089a447d1aa11154bf461459ae6eedc01b1233bfd3b92e79b3b6794d
-
Size
907KB
-
MD5
7310ed0760c044221359c8325c2c42bc
-
SHA1
bb8ae9ee46537f991367c210efdee8576328b134
-
SHA256
b571fdc0089a447d1aa11154bf461459ae6eedc01b1233bfd3b92e79b3b6794d
-
SHA512
cd8b0bfc8d5ecda0199366de6e7e79b721df71185534c1cf3faa3eb822fa5d0b3fd7c5d7a38cb27712e02632d68814c8dbd064bd90b2230220eae51adadc4ba1
-
SSDEEP
12288:vMrNy90XlNR406SAqp0hC3uuy1KbcWv4K5/5RBTWi9j8VzWpzd7so5doyMoz:GyT06Jqp73uuPdv4Kl5rWNzwzd7sJoz
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
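Two of the behaviours flagged above are registry operations a host can be hunted for: the Run key write (persistence) and the Uninstall key lookup (software enumeration). The Run key write is a value-set, which Sysmon records as Event ID 13; the Uninstall lookup is a read, and Sysmon logs registry creates, sets and renames (IDs 12/13/14) but never reads, so catching it needs a SACL on the key and Windows Security Event 4663 instead. The following added Python example is not part of the report and not the sandbox's detection logic; the event records, the flat field names (`Image`, `TargetObject`, `ProcessName`, `ObjectName`) and the trusted-path list are constructed assumptions meant to mirror Sysmon and Security log exports.

```python
"""Hunt for the two registry behaviours the report flags, over constructed
Sysmon-style (ID 13) and Security-style (ID 4663) records.  Added example."""

# Run/RunOnce value paths; the trailing backslash means "a value under this key".
RUN_KEYS = (
    "\\Microsoft\\Windows\\CurrentVersion\\Run\\",
    "\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\",
)
UNINSTALL_KEY = "\\Microsoft\\Windows\\CurrentVersion\\Uninstall"
# Assumed allow-list: installers normally run from here; a Run value written
# from a temp or profile directory (as a dropped EXE would) is the interesting case.
TRUSTED_IMAGE_PREFIXES = ("c:\\windows\\", "c:\\program files\\",
                          "c:\\program files (x86)\\")


def is_run_key_persistence(event: dict) -> bool:
    """Sysmon Event ID 13 (RegistryEvent SetValue) targeting a Run/RunOnce value."""
    if event.get("EventID") != 13:
        return False
    target = event.get("TargetObject", "").lower()
    return any(key.lower() in target for key in RUN_KEYS)


def is_uninstall_enumeration(event: dict) -> bool:
    """Security Event 4663 (object access) on the Uninstall key.  Only fires if
    a SACL audits reads on that key; Sysmon alone cannot see this behaviour."""
    if event.get("EventID") != 4663:
        return False
    return UNINSTALL_KEY.lower() in event.get("ObjectName", "").lower()


def triage(events) -> list:
    """Return one finding per matching event, with severity raised when the
    acting process runs outside the trusted install paths."""
    findings = []
    for ev in events:
        image = ev.get("Image") or ev.get("ProcessName") or ""
        from_trusted = image.lower().startswith(TRUSTED_IMAGE_PREFIXES)
        if is_run_key_persistence(ev):
            findings.append({"rule": "run_key_persistence", "image": image,
                             "target": ev["TargetObject"],
                             "details": ev.get("Details", ""),
                             "severity": "low" if from_trusted else "high"})
        elif is_uninstall_enumeration(ev):
            findings.append({"rule": "uninstall_key_enumeration", "image": image,
                             "target": ev["ObjectName"],
                             "severity": "info" if from_trusted else "medium"})
    return findings


# Constructed records (not from the report): a dropped EXE adding itself to the
# user's Run key, a vendor installer doing the same legitimately, an unrelated
# Explorer setting, and the dropped EXE reading the Uninstall key.
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": "C:\\Users\\bob\\AppData\\Local\\Temp\\update.exe",
     "TargetObject": "HKU\\S-1-5-21-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\update",
     "Details": "C:\\Users\\bob\\AppData\\Local\\Temp\\update.exe"},
    {"EventID": 13, "Image": "C:\\Program Files\\Vendor\\setup.exe",
     "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\VendorAgent",
     "Details": "C:\\Program Files\\Vendor\\agent.exe"},
    {"EventID": 13, "Image": "C:\\Windows\\explorer.exe",
     "TargetObject": "HKU\\S-1-5-21-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 4663, "ProcessName": "C:\\Users\\bob\\AppData\\Local\\Temp\\update.exe",
     "ObjectName": "\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall",
     "AccessMask": "0x1"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding["severity"].upper(), finding["rule"], finding["image"])
```

The Run key match alone is noisy on a workstation fleet (installers and updaters write it constantly), which is why severity is keyed on where the writing process lives; the report's sample is an executed dropped EXE, so the high-severity path is the one that corresponds to it. Enumeration of the Uninstall key is common in stealers because it yields the installed-software list sent to the C2, but it is also done by inventory agents, so treat it as a correlating signal next to a Run key write or a C2 connection rather than as an alert on its own.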