General
Target: a82ae27d701048f5a0a50e37e8dd291599326bd06b572435a4c3e8077bdd15fb
Size: 907KB
Sample: 230321-wjh5faec71
MD5: 447c1b42096a1dfdaf445bba6c89315b
SHA1: e9bb53f02edac836b38881b5966d573b043cd715
SHA256: a82ae27d701048f5a0a50e37e8dd291599326bd06b572435a4c3e8077bdd15fb
SHA512: 3015d2b97ea1d0adaa4bc974157c404a93b2f95947f96c9b6871caeb6ca14b48de0747339376cfedf2e8a37cebd8c918bd8f63aac870c820d8027e70de0cafa0
SSDEEP: 24576:JymZaFGWsUPDmRkbouXn3im47DkSzLjJVEx3N:8FFnTrmmjXym8DkSXjJm
Static task: static1
Behavioral task: behavioral1
Sample: a82ae27d701048f5a0a50e37e8dd291599326bd06b572435a4c3e8077bdd15fb.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
  gena
  193.233.20.30:4125
  auth_value: 93c20961cb6b06b2d5781c212db6201e
Extracted: redline
  relon
  193.233.20.30:4125
  auth_value: 17da69809725577b595e217ba006b869
Targets
Target: a82ae27d701048f5a0a50e37e8dd291599326bd06b572435a4c3e8077bdd15fb
Size: 907KB
MD5: 447c1b42096a1dfdaf445bba6c89315b
SHA1: e9bb53f02edac836b38881b5966d573b043cd715
SHA256: a82ae27d701048f5a0a50e37e8dd291599326bd06b572435a4c3e8077bdd15fb
SHA512: 3015d2b97ea1d0adaa4bc974157c404a93b2f95947f96c9b6871caeb6ca14b48de0747339376cfedf2e8a37cebd8c918bd8f63aac870c820d8027e70de0cafa0
SSDEEP: 24576:JymZaFGWsUPDmRkbouXn3im47DkSzLjJVEx3N:8FFnTrmmjXym8DkSXjJm

Signatures
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.