General
-
Target
ee04c21d6109df4d2fc16d660798b40d0d59fd879d03cdea5d55d896e8059c19
-
Size
907KB
-
Sample
230321-wfjxkacc88
-
MD5
2bbbfacafde17b829179c3e7007ba2e3
-
SHA1
9eb8dfc5be03ad2cb7350a8eb29b32fce32c4f0e
-
SHA256
ee04c21d6109df4d2fc16d660798b40d0d59fd879d03cdea5d55d896e8059c19
-
SHA512
118bebf818036233d536ecfd3036f4f6ed325b8ab13f48db8fdfe9194370e624b95a95b3a486d821cc82d14842c50c55e7d24ac6f712aecd9ae7eacd82dcff97
-
SSDEEP
12288:HMr7y904+72MSrLl40sQ4jBW7II+JvQyND3UA3xKv0tKmfVzL5ETY6gZysre+h:0yLN5sQcse7p3n3xht5tzF8gZ1R
Static task
static1
Behavioral task
behavioral1
Sample
ee04c21d6109df4d2fc16d660798b40d0d59fd879d03cdea5d55d896e8059c19.exe
Resource
win10v2004-20230221-en
Malware Config
Extracted
Family: redline
Botnet: gena
C2: 193.233.20.30:4125
Attributes:
auth_value: 93c20961cb6b06b2d5781c212db6201e
Extracted
Family: redline
Botnet: relon
C2: 193.233.20.30:4125
Attributes:
auth_value: 17da69809725577b595e217ba006b869
Targets
-
-
Target
ee04c21d6109df4d2fc16d660798b40d0d59fd879d03cdea5d55d896e8059c19
-
Size
907KB
-
MD5
2bbbfacafde17b829179c3e7007ba2e3
-
SHA1
9eb8dfc5be03ad2cb7350a8eb29b32fce32c4f0e
-
SHA256
ee04c21d6109df4d2fc16d660798b40d0d59fd879d03cdea5d55d896e8059c19
-
SHA512
118bebf818036233d536ecfd3036f4f6ed325b8ab13f48db8fdfe9194370e624b95a95b3a486d821cc82d14842c50c55e7d24ac6f712aecd9ae7eacd82dcff97
-
SSDEEP
12288:HMr7y904+72MSrLl40sQ4jBW7II+JvQyND3UA3xKv0tKmfVzL5ETY6gZysre+h:0yLN5sQcse7p3n3xht5tzF8gZ1R
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
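The two extracted configurations above share one C2 endpoint (193.233.20.30:4125), and the behavioural signatures name a Run-key write and a dropped-EXE execution. The script below is an added example, not part of the sandbox report or of any RedLine tooling: it turns the report's indicators (the C2 host and port, the sample's SHA256) into simple matching logic over Sysmon-style JSON events. The event field names (EventID, Hashes, DestinationIp, DestinationPort, TargetObject, RecordNumber) follow Sysmon's JSON export and are an assumption of this example; the log lines are constructed, not real captures.

```python
import json

# Indicators taken from the report above (C2 from the extracted config,
# SHA256 of the analysed sample).
C2_HOST = "193.233.20.30"
C2_PORT = 4125
SAMPLE_SHA256 = "ee04c21d6109df4d2fc16d660798b40d0d59fd879d03cdea5d55d896e8059c19"

# Autostart locations the "Adds Run key to start application" signature
# refers to; matched as suffixes so HKCU and HKLM variants both count.
RUN_KEY_SUFFIXES = (
    r"\microsoft\windows\currentversion\run",
    r"\microsoft\windows\currentversion\runonce",
)


def classify(event):
    """Map one Sysmon-style event (a dict) to the report behaviours it matches."""
    hits = []
    eid = event.get("EventID")
    if eid == 1:  # process creation: match the known sample by SHA256
        for part in event.get("Hashes", "").split(","):
            algo, _, digest = part.partition("=")
            if algo.strip().upper() == "SHA256" and digest.strip().lower() == SAMPLE_SHA256:
                hits.append("known_sample_executed")
    elif eid == 3:  # network connection: compare against the extracted C2
        if event.get("DestinationIp") == C2_HOST:
            if int(event.get("DestinationPort", 0)) == C2_PORT:
                hits.append("redline_c2_connect")
            else:
                # Same host on another port: worth a look, but not the configured C2.
                hits.append("redline_c2_host_other_port")
    elif eid == 13:  # registry value set: a value written directly under Run/RunOnce
        key = event.get("TargetObject", "").rsplit("\\", 1)[0].lower()
        if key.endswith(RUN_KEY_SUFFIXES):
            hits.append("run_key_persistence")
    return hits


def scan(lines):
    """Parse newline-delimited JSON events; return (RecordNumber, hits) for matches."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        hits = classify(event)
        if hits:
            findings.append((event.get("RecordNumber"), hits))
    return findings


# Constructed sample telemetry (assumed Sysmon JSON shape, not real captures).
# Records 5 and 6 are negatives: an installer writing under Uninstall, and a
# benign HTTPS connection.
SAMPLE_LOG = r"""
{"RecordNumber": 1, "EventID": 1, "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\sample.exe", "Hashes": "MD5=2BBBFACAFDE17B829179C3E7007BA2E3,SHA256=EE04C21D6109DF4D2FC16D660798B40D0D59FD879D03CDEA5D55D896E8059C19"}
{"RecordNumber": 2, "EventID": 13, "EventType": "SetValue", "TargetObject": "HKU\\S-1-5-21-1111\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\update", "Details": "C:\\Users\\user\\AppData\\Roaming\\update.exe"}
{"RecordNumber": 3, "EventID": 3, "DestinationIp": "193.233.20.30", "DestinationPort": 4125}
{"RecordNumber": 4, "EventID": 3, "DestinationIp": "193.233.20.30", "DestinationPort": 443}
{"RecordNumber": 5, "EventID": 13, "EventType": "SetValue", "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\SomeApp\\DisplayName", "Details": "Some App"}
{"RecordNumber": 6, "EventID": 3, "DestinationIp": "93.184.216.34", "DestinationPort": 443}
"""

if __name__ == "__main__":
    for record, hits in scan(SAMPLE_LOG.splitlines()):
        print(record, ", ".join(hits))
```

Two caveats when using this against real telemetry. Sysmon records registry creates, deletes and value sets (event IDs 12 to 14) but not reads, so the "Checks installed software" behaviour (querying Uninstall key entries) is invisible here; that needs ETW registry tracing or EDR-level instrumentation. And the hashes in this report belong to the 907KB outer sample; the "Executes dropped EXE" signature means the payload written to disk has different hashes, so the SHA256 match above catches only the initial file, while the Run-key write and the C2 connection are the indicators that survive repacking.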