General
Target: 073e2a933768f404f5896b733a2cabed65dcd4cf534e4e5283a907d89a566fa1
Size: 906KB
Sample: 230321-vyhlsacb85
MD5: ff15db34acb07aa1356931c5a98c74a3
SHA1: e2f7c4f6e79c7042bc8f2c8636b43e0b31bcefcb
SHA256: 073e2a933768f404f5896b733a2cabed65dcd4cf534e4e5283a907d89a566fa1
SHA512: ca024f8becf408f88c0ec19135c892497077c7b2a516a5f9ad6a67adce9ccee990990b025455221ed8f4caa7152991d1ab4bce503363b22b9d570ab22fc04e70
SSDEEP: 24576:qy4fvZaD8XtLKCeRKCIm0sPF+swTz5g/Z:x4fvZNXVCImZITq/
Static task: static1
Behavioral task: behavioral1
Sample: 073e2a933768f404f5896b733a2cabed65dcd4cf534e4e5283a907d89a566fa1.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
gena
193.233.20.30:4125
auth_value: 93c20961cb6b06b2d5781c212db6201e
Extracted: redline
relon
193.233.20.30:4125
auth_value: 17da69809725577b595e217ba006b869
Targets
Target: 073e2a933768f404f5896b733a2cabed65dcd4cf534e4e5283a907d89a566fa1
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops file in System32 directory