General
Target: 5f020d66b1f4b6b52cbf048c3d72540285fd166b0774e153eaf267587b6a3a57
Size: 1.0MB
Sample: 230322-26ey7adh7z
MD5: f785b2106e3be1daf4c364dc62a1959e
SHA1: 7fd9e6708fdc2e2932f146ee476528bbb32a49c1
SHA256: 5f020d66b1f4b6b52cbf048c3d72540285fd166b0774e153eaf267587b6a3a57
SHA512: 3bd505978b219475806b2a882cb0c3d29244871d2778c77e019d69b0c83b0cae7b1ff4304b36bca3079dba114ca16184e8e4fe49b351a097a1b78fd97d91ee5a
SSDEEP: 12288:SMrOy90WccAtqJomek6M52PRbCmAnZogF/4Bs3X2IT/kPLGIzsQIRHBqZNWWzPw5:cyfxAkJUbufFwK3mqsie2oBzcyvtM
Static task: static1
Behavioral task: behavioral1
Sample: 5f020d66b1f4b6b52cbf048c3d72540285fd166b0774e153eaf267587b6a3a57.exe
Resource: win10-20230220-en
Malware Config

Extracted
Family: redline
Botnet: down
C2: 193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381

Extracted
Family: redline
Botnet: lown
C2: 193.233.20.31:4125
auth_value: 4cf836e062bcdc2a4fdbf410f5747ec7

Extracted
Family: amadey
Version: 3.68
C2: 62.204.41.87/joomla/index.php

Extracted
Family: redline
Botnet: @REDLINEVIPCHAT Cloud (TG: @FATHEROFCARDERS)
C2: 151.80.89.234:19388
auth_value: 56af49c3278d982f9a41ef2abb7c4d09
Targets

Target: 5f020d66b1f4b6b52cbf048c3d72540285fd166b0774e153eaf267587b6a3a57
Size: 1.0MB
MD5: f785b2106e3be1daf4c364dc62a1959e
SHA1: 7fd9e6708fdc2e2932f146ee476528bbb32a49c1
SHA256: 5f020d66b1f4b6b52cbf048c3d72540285fd166b0774e153eaf267587b6a3a57
SHA512: 3bd505978b219475806b2a882cb0c3d29244871d2778c77e019d69b0c83b0cae7b1ff4304b36bca3079dba114ca16184e8e4fe49b351a097a1b78fd97d91ee5a
SSDEEP: 12288:SMrOy90WccAtqJomek6M52PRbCmAnZogF/4Bs3X2IT/kPLGIzsQIRHBqZNWWzPw5:cyfxAkJUbufFwK3mqsie2oBzcyvtM

Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.