General
- Target: d8cc657146e293522f86316076554c50666a870ea9d1fe4c1264ac617e1c4cd6
- Size: 679KB
- Sample: 230323-19am7sce31
- MD5: e77bb1d103c6bc08804ac3dc91ea75d2
- SHA1: 33f0d5ac422fa166131b3e890f803fb94c1919ea
- SHA256: d8cc657146e293522f86316076554c50666a870ea9d1fe4c1264ac617e1c4cd6
- SHA512: e26e38c296cbbbf8e0b5c05fa223df969090ceaa4d921bfd785c9ef1a0b6bd1273e411ea0d731f3840c486dc28bc3572569a78f3da429ddcd60fc86e3229d596
- SSDEEP: 12288:jGHIGD4gZKt4U5Mu3iTTKJ2e32cc8M1o/SldCnGoxkqeYBndoehW8ArY+v4:m/HeDoTKwC2r8mldwGWkCoevSY+A
Static task: static1
Behavioral task: behavioral1
Sample: d8cc657146e293522f86316076554c50666a870ea9d1fe4c1264ac617e1c4cd6.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted
redline
down
193.233.20.31:4125
- auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted
redline
real
193.233.20.31:4125
- auth_value: bb22a50228754849387d5f4d1611e71b
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.