General

- Target: 3252109db648fff6125ae09d47dd21eecc8cff4a7e44ea7f3da05baad3e3fb4c
- Size: 544KB
- Sample: 230323-14ed7scd9v
- MD5: 9d56a759eb0f6e987f5fe4bba513ba5d
- SHA1: cccf46e9de545f8ddf7df9d0c866ba5e32bd3efd
- SHA256: 3252109db648fff6125ae09d47dd21eecc8cff4a7e44ea7f3da05baad3e3fb4c
- SHA512: 3cf5d4ed6461d4b0ead691521763faf2685cd33ca2c274c1d4a4841f9bd87410e5a9f5d7110bda30fb61c3003f0f5d6ef8b6b9707478323f7d50702eb57e0cce
- SSDEEP: 12288:rMrmy90IncWWJgyWYfp0OjVDqgUkMLKwUeL/4NH3aD4TZ:JylnL8vFMOEkNXlZ
Static task: static1

Behavioral task: behavioral1
- Sample: 3252109db648fff6125ae09d47dd21eecc8cff4a7e44ea7f3da05baad3e3fb4c.exe
- Resource: win10v2004-20230220-en
Malware Config

Extracted: redline (down)
- 193.233.20.31:4125
- auth_value: 12c31a90c72f5efae8c053a0bd339381

Extracted: redline (real)
- 193.233.20.31:4125
- auth_value: bb22a50228754849387d5f4d1611e71b
Targets

- Target: 3252109db648fff6125ae09d47dd21eecc8cff4a7e44ea7f3da05baad3e3fb4c
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.