General

Target: 082c8166d7fa93480887071977552896ffad1a631b185481cf4323f571fb799d
Size: 544KB
Sample: 230323-156vvace2s
MD5: e0f552607bd648a8494c0a139eb7ae72
SHA1: cd899f98fa6ea12492230ebb645deabb2666574d
SHA256: 082c8166d7fa93480887071977552896ffad1a631b185481cf4323f571fb799d
SHA512: bcb46849a05a390f922795db97144e65a757a801070970ac5444fd6a045d69a5e321fd64cd3778c5e8baed05160f27fa6091ccb3288fd95ab4dc3b9daf4784b7
SSDEEP: 12288:ZMrmy90YkVZ5qhgYit4t7+jyg4rfz0OsM1qgUVMLywF2Azehz0W:Dy4oZt7f9nbgM+Fzf
Static task: static1

Behavioral task: behavioral1
Sample: 082c8166d7fa93480887071977552896ffad1a631b185481cf4323f571fb799d.exe
Resource: win10v2004-20230221-en
Malware Config

Extracted: redline
Botnet: down
C2: 193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381

Extracted: redline
Botnet: real
C2: 193.233.20.31:4125
auth_value: bb22a50228754849387d5f4d1611e71b
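The two extracted configs share one C2 endpoint and differ only in botnet name and auth_value. The auth_value is carried inside RedLine's own C2 protocol rather than in connection metadata, so a network-level detection keys on the endpoint, and the botnet names are just labels to attach to it. As an added example, not part of the Triage report and not RedLine's own code, the Python below builds one indicator per C2 endpoint from the configs above, renders it as a Suricata rule, and runs the match over a few constructed Sysmon Event ID 3 (network connection) records. The field names follow Sysmon's network-connection event; the records themselves, the image paths and the rule SID are constructed for illustration.

```python
import json
from dataclasses import dataclass

# RedLine configs as extracted by the sandbox (values from the report above):
# botnet name -> (C2 host, C2 port, auth_value).
REDLINE_CONFIGS = {
    "down": ("193.233.20.31", 4125, "12c31a90c72f5efae8c053a0bd339381"),
    "real": ("193.233.20.31", 4125, "bb22a50228754849387d5f4d1611e71b"),
}


@dataclass(frozen=True)
class C2Indicator:
    host: str
    port: int
    botnets: tuple  # botnet names that share this endpoint


def build_indicators(configs):
    """Collapse configs that share a C2 endpoint into one indicator per (host, port)."""
    by_endpoint = {}
    for botnet, (host, port, _auth_value) in configs.items():
        by_endpoint.setdefault((host, port), []).append(botnet)
    return [C2Indicator(host, port, tuple(sorted(names)))
            for (host, port), names in sorted(by_endpoint.items())]


def to_suricata_rule(indicator, sid):
    """Render one indicator as a Suricata rule for client-initiated traffic to the C2."""
    msg = "RedLine C2 %s:%d (botnets: %s)" % (
        indicator.host, indicator.port, ", ".join(indicator.botnets))
    return ('alert tcp $HOME_NET any -> %s %d (msg:"%s"; flow:to_server,established; '
            'sid:%d; rev:1;)' % (indicator.host, indicator.port, msg, sid))


# Constructed Sysmon Event ID 3 records reduced to the fields used here.
# These are illustrative, not telemetry from the sandbox run.
SAMPLE_EVENTS = [
    json.dumps({"EventID": 3, "Image": r"C:\Users\user\AppData\Local\Temp\tmp1.exe",
                "DestinationIp": "193.233.20.31", "DestinationPort": 4125, "Protocol": "tcp"}),
    json.dumps({"EventID": 3, "Image": r"C:\Windows\System32\svchost.exe",
                "DestinationIp": "193.233.20.31", "DestinationPort": 443, "Protocol": "tcp"}),
    json.dumps({"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
                "DestinationIp": "93.184.216.34", "DestinationPort": 443, "Protocol": "tcp"}),
    json.dumps({"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe"}),  # not a network event
]


def match_events(event_lines, indicators):
    """Return (record, indicator, strength) for records that touch a known C2.

    strength is "exact" for a host+port match and "host" when only the IP matches;
    the weaker match is still worth a look because a C2 host may serve other ports.
    """
    exact = {(i.host, i.port): i for i in indicators}
    by_host = {i.host: i for i in indicators}
    hits = []
    for line in event_lines:
        rec = json.loads(line)
        if rec.get("EventID") != 3:
            continue
        key = (rec.get("DestinationIp"), int(rec.get("DestinationPort", 0)))
        if key in exact:
            hits.append((rec, exact[key], "exact"))
        elif key[0] in by_host:
            hits.append((rec, by_host[key[0]], "host"))
    return hits


if __name__ == "__main__":
    indicators = build_indicators(REDLINE_CONFIGS)
    for sid, ind in enumerate(indicators, start=1000001):  # SID range is an assumption
        print(to_suricata_rule(ind, sid))
    for rec, ind, strength in match_events(SAMPLE_EVENTS, indicators):
        print(strength, rec["Image"], "->", rec["DestinationIp"], rec["DestinationPort"])
```

The exact match is the one to alert on; the host-only match is a hunting lead, since a sample of the same family may be configured with another port on the same server.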
Targets

Target: 082c8166d7fa93480887071977552896ffad1a631b185481cf4323f571fb799d
Size: 544KB
Hashes: MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to those listed under General.
Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
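Of the behavioural signatures above, the Run-key persistence is the one that leaves a registry write a host sensor can see. The Uninstall-key enumeration is a read, which Sysmon's registry events (IDs 12 to 14) do not record, so it is caught at the API level in a sandbox, as here, not by a registry-write detection. As an added example that is not part of the report and not RedLine's own code, the Python below scans constructed Sysmon Event ID 13 (registry value set) records for writes under a Run or RunOnce key and raises the severity when the auto-start target sits in a user-writable location such as AppData or Temp, which is where a dropper like this one typically places its payload. The records, image paths, key names and value data are constructed for illustration.

```python
import json
import re

# Registry locations that start an application at logon. This is the mechanism behind
# the "Adds Run key to start application" signature.
RUN_KEY_RE = re.compile(
    r"\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\",
    re.IGNORECASE,
)

# Locations a legitimate installer rarely uses for an auto-start target but droppers do.
USER_WRITABLE_RE = re.compile(
    r"\\(?:AppData\\(?:Local|Roaming)|Temp|ProgramData|Public)\\", re.IGNORECASE)

# Constructed Sysmon registry records (EventID 13 = value set, 12 = key create/delete),
# reduced to the fields used here. Not telemetry from the sandbox run.
SAMPLE_REGISTRY_EVENTS = [
    json.dumps({"EventID": 13, "EventType": "SetValue",
                "Image": r"C:\Users\user\AppData\Local\Temp\tmp1.exe",
                "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
                "Details": r"C:\Users\user\AppData\Roaming\updater.exe"}),
    json.dumps({"EventID": 13, "EventType": "SetValue",
                "Image": r"C:\Windows\System32\msiexec.exe",
                "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray",
                "Details": r"C:\Program Files\Vendor\tray.exe"}),
    json.dumps({"EventID": 13, "EventType": "SetValue",
                "Image": r"C:\Windows\System32\msiexec.exe",
                "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vendor\DisplayName",
                "Details": "Vendor App"}),  # Uninstall key write, not persistence
    json.dumps({"EventID": 12, "EventType": "CreateKey",
                "Image": r"C:\Users\user\AppData\Local\Temp\tmp1.exe",
                "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run"}),
]


def find_run_key_persistence(event_lines):
    """Return one finding per value written under a Run/RunOnce key.

    Severity is "high" when the auto-start target lives in a user-writable path,
    "medium" otherwise; the key path and the writing process are kept for triage.
    """
    findings = []
    for line in event_lines:
        rec = json.loads(line)
        if rec.get("EventID") != 13 or rec.get("EventType") != "SetValue":
            continue
        target = rec.get("TargetObject", "")
        if not RUN_KEY_RE.search(target):
            continue
        details = rec.get("Details", "")
        severity = "high" if USER_WRITABLE_RE.search(details) else "medium"
        findings.append({
            "image": rec.get("Image", ""),
            "key": target,
            "value": details,
            "severity": severity,
        })
    return findings


if __name__ == "__main__":
    for f in find_run_key_persistence(SAMPLE_REGISTRY_EVENTS):
        print(f["severity"], f["image"], "wrote", f["key"], "=", f["value"])
```

On a live host the same logic applies to the event log (Microsoft-Windows-Sysmon/Operational); the constructed records only stand in for that feed so the check runs offline.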