General
Target: df5262a0aff91def9713ab81b7e298101a09befc093c24b01587e70cbc85a3fe
Size: 544KB
Sample: 230323-1mfwpscc9s
MD5: 2a578bb39d5f5e98f1f43a9c16357996
SHA1: f16430d6a6121320d0ffd6147d8b663ee4edf2ac
SHA256: df5262a0aff91def9713ab81b7e298101a09befc093c24b01587e70cbc85a3fe
SHA512: 33ef7e391b8e5d7b2c00c9c0b015669e20e75233b320276d4d738b786243ebf4260da95edaa131a5e5947b5ee9d52af8ec80ad7588133f850787c4632cd0464e
SSDEEP: 12288:1Mr+y90pLVE/41gES4DAfqgUUMLHwvUZN5VOj:Dy+N1U4DA1ZMbEUH5VOj
Static task: static1
Behavioral task: behavioral1
Sample: df5262a0aff91def9713ab81b7e298101a09befc093c24b01587e70cbc85a3fe.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
  down
  193.233.20.31:4125
  auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted: redline
  lown
  193.233.20.31:4125
  auth_value: 4cf836e062bcdc2a4fdbf410f5747ec7
Targets
Target: df5262a0aff91def9713ab81b7e298101a09befc093c24b01587e70cbc85a3fe
Size: 544KB
RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.