General
- Target: 375e8e1fc5529a558f06539f5d52ef1d774aa2e43483b345c7e15bf260e22498
- Size: 543KB
- Sample: 230323-1pzrlaad35
- MD5: 7446806a3950a95129507677348fc682
- SHA1: cbe43bb1f1a69ed99c471dd4b8a7a9c3bf8c89b5
- SHA256: 375e8e1fc5529a558f06539f5d52ef1d774aa2e43483b345c7e15bf260e22498
- SHA512: 9886043f9037006208f67db55222b9dbb9a9f7c79065b7c8bf94e585c74be577eb3e7f55fe39639d491d830b6b1df722a34ac4e39980b1810554b729c4e12975
- SSDEEP: 12288:EMriy9090v1vkvRjWk7nkfJ0O7olqgUxMLswmPwi+C2yeNWI27ahn+:2yOPYk7nKUQM4si+CNlLS+
Static task: static1
Behavioral task: behavioral1
- Sample: 375e8e1fc5529a558f06539f5d52ef1d774aa2e43483b345c7e15bf260e22498.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted (family: redline, botnet: down)
- C2: 193.233.20.31:4125
- auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted (family: redline, botnet: real)
- C2: 193.233.20.31:4125
- auth_value: bb22a50228754849387d5f4d1611e71b
Targets
- Target: 375e8e1fc5529a558f06539f5d52ef1d774aa2e43483b345c7e15bf260e22498 (size and hashes as listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.