General
Target: 4e8853994fed9d0ba378f51291cda0773dbacad33193d9891c129a420e582a39
Size: 544KB
Sample: 230323-19jk4sce4v
MD5: 6c022577ed6c48375e0a269f81f8fd19
SHA1: c9f7eebe8a2bf01780f3ee2a5b028491b3d9242b
SHA256: 4e8853994fed9d0ba378f51291cda0773dbacad33193d9891c129a420e582a39
SHA512: e2ef0bd92ce462d9721406de342d348cd9fa2e44b303b3105ee3311a87499adabe544aae0625a0a69586747a95186710507881718228af75332abb68c5be8cfc
SSDEEP: 12288:IMr0y90AJ5r5nd8aBxv5WSISOKRtMIuxqgUuML6w8WjS54+v4rKP:MytJqaT5VHyHPTM+N6S5JgGP
Static task: static1
Behavioral task: behavioral1
Sample: 4e8853994fed9d0ba378f51291cda0773dbacad33193d9891c129a420e582a39.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
down
193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted: redline
real
193.233.20.31:4125
auth_value: bb22a50228754849387d5f4d1611e71b
Targets
Target: 4e8853994fed9d0ba378f51291cda0773dbacad33193d9891c129a420e582a39
Size: 544KB
MD5: 6c022577ed6c48375e0a269f81f8fd19
SHA1: c9f7eebe8a2bf01780f3ee2a5b028491b3d9242b
SHA256: 4e8853994fed9d0ba378f51291cda0773dbacad33193d9891c129a420e582a39
SHA512: e2ef0bd92ce462d9721406de342d348cd9fa2e44b303b3105ee3311a87499adabe544aae0625a0a69586747a95186710507881718228af75332abb68c5be8cfc
SSDEEP: 12288:IMr0y90AJ5r5nd8aBxv5WSISOKRtMIuxqgUuML6w8WjS54+v4rKP:MytJqaT5VHyHPTM+N6S5JgGP
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.