General
Target: da8f1140ec9e29ececafec6f8894c62b3c07e9300ddfa76507bca92ca104f7cc
Size: 544KB
Sample: 230323-1kxrfaac96
MD5: 9a9f53018a4243f6f655954ecf7cc487
SHA1: 5a99a69fe7e49b103617219b9ca8f4e70c48be01
SHA256: da8f1140ec9e29ececafec6f8894c62b3c07e9300ddfa76507bca92ca104f7cc
SHA512: bcd9d766556971c4b28c9632cd624ee787dca8553734c6d4b72eb8198d08eb4390dd335d9cd4f6e26f94c26091fcc51b19c8f8acf77c2a67d41c9efdf91ea226
SSDEEP: 12288:gMr8y90rllnpjKTANWviDf90OJJZqgUbML/wqjeUZOTRQl+fx:sywpjTLB3WMDdVgw+5
Static task: static1
Behavioral task: behavioral1
Sample: da8f1140ec9e29ececafec6f8894c62b3c07e9300ddfa76507bca92ca104f7cc.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
down
193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted: redline
real
193.233.20.31:4125
auth_value: bb22a50228754849387d5f4d1611e71b
Targets
Target: da8f1140ec9e29ececafec6f8894c62b3c07e9300ddfa76507bca92ca104f7cc
Size: 544KB
MD5: 9a9f53018a4243f6f655954ecf7cc487
SHA1: 5a99a69fe7e49b103617219b9ca8f4e70c48be01
SHA256: da8f1140ec9e29ececafec6f8894c62b3c07e9300ddfa76507bca92ca104f7cc
SHA512: bcd9d766556971c4b28c9632cd624ee787dca8553734c6d4b72eb8198d08eb4390dd335d9cd4f6e26f94c26091fcc51b19c8f8acf77c2a67d41c9efdf91ea226
SSDEEP: 12288:gMr8y90rllnpjKTANWviDf90OJJZqgUbML/wqjeUZOTRQl+fx:sywpjTLB3WMDdVgw+5

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.