General
- Target: 560e96f41fa3f2d935f3d1226d5c5c501d7e2a80a02377720718af1bd569376a
- Size: 906KB
- Sample: 230321-vrn5zscb44
- MD5: f4849049454c80950c929ed1a8e67169
- SHA1: 19adccea69e32d51f00e4c87ccde73627828ab61
- SHA256: 560e96f41fa3f2d935f3d1226d5c5c501d7e2a80a02377720718af1bd569376a
- SHA512: 1951b9c056abb0c93ab4837b174f7ce40af45e144a91d09521d6699704ca4c7d90c19eec3376e139d8f27d8509fcdc5a0eb3f5fe50f961ce34da78933c776973
- SSDEEP: 24576:7yc4H0FlkX24wI0R0ROOjZsjChOzzOpJXi:uHwe2k0RZOjgk
Static task: static1
Behavioral task: behavioral1
Sample: 560e96f41fa3f2d935f3d1226d5c5c501d7e2a80a02377720718af1bd569376a.exe
Resource: win10-20230220-en
Malware Config
Extracted: redline, gena, 193.233.20.30:4125
- auth_value: 93c20961cb6b06b2d5781c212db6201e
Extracted: redline, relon, 193.233.20.30:4125
- auth_value: 17da69809725577b595e217ba006b869
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.