General
Target: ff5129ad99d06f7c68ef169c6cf87d31e2df9ff004bd5c2e35f5078d6dbe7049
Size: 544KB
Sample: 230323-1y2mjsad87
MD5: fe8bf842e22953072722698d71cb5135
SHA1: b01ba58d2a3748b3aa79827f1fce8da086decb35
SHA256: ff5129ad99d06f7c68ef169c6cf87d31e2df9ff004bd5c2e35f5078d6dbe7049
SHA512: dc4957adbd321da48df1979c90704e67ceaf35dcbda01481424cdc04fd71fa1baf357d8c032233864207f4b11144800e0fa7fe80d99928e3b375d64cd0b1e1d3
SSDEEP: 12288:2MrAy90qzgBFpSxA4LqgUuML7wxWeCs0PHHhTU3NjF:ayLzgyAADMHftPnlk7
Static task: static1
Behavioral task: behavioral1
Sample: ff5129ad99d06f7c68ef169c6cf87d31e2df9ff004bd5c2e35f5078d6dbe7049.exe
Resource: win10-20230220-en
Malware Config
Extracted: redline
Botnet: down
C2: 193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted: redline
Botnet: real
C2: 193.233.20.31:4125
auth_value: bb22a50228754849387d5f4d1611e71b
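Both extracted configs point at the same C2 endpoint and differ only in their botnet tag and auth_value, so they collapse to a single network IOC. The script below is an added example (my code, not the sandbox's or RedLine's) that does exactly that: it deduplicates the endpoints, emits one Suricata rule per endpoint tagged with the botnet names that share it, and matches a few connection-log lines against the IOC set. Only the config values are taken from the report; the log line layout, process paths, internal addresses and timestamps are constructed for illustration, and the helper names (parse_endpoint, c2_endpoints, suricata_rules, match_connections) are mine.

```python
"""Turn the two extracted RedLine configs into network IOCs and check
constructed connection-log lines against them.

Added example, not part of the sandbox report. Config values are copied
from the report; everything else is constructed. Adapt parse_conn() to
your own telemetry (Sysmon Event ID 3, Zeek conn.log, firewall logs).
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class RedLineConfig:
    botnet: str      # the "down" / "real" tag shown in the report
    c2: str          # "host:port" exactly as extracted
    auth_value: str  # auth_value exactly as extracted


# Values from the report above: two configs, one endpoint, two auth_values.
CONFIGS = (
    RedLineConfig("down", "193.233.20.31:4125", "12c31a90c72f5efae8c053a0bd339381"),
    RedLineConfig("real", "193.233.20.31:4125", "bb22a50228754849387d5f4d1611e71b"),
)


def parse_endpoint(c2: str) -> tuple[str, int]:
    """Split 'host:port', rejecting a missing or out-of-range port."""
    host, sep, port = c2.rpartition(":")
    if not sep or not host or not port.isdigit() or not 0 < int(port) <= 65535:
        raise ValueError(f"malformed C2 endpoint: {c2!r}")
    return host, int(port)


def c2_endpoints(configs) -> set[tuple[str, int]]:
    """Deduplicate endpoints: both configs here yield one (host, port) IOC."""
    return {parse_endpoint(c.c2) for c in configs}


def suricata_rules(configs, base_sid: int) -> list[str]:
    """One rule per distinct endpoint; the msg lists the botnet tags sharing it."""
    tags: dict[tuple[str, int], set[str]] = {}
    for c in configs:
        tags.setdefault(parse_endpoint(c.c2), set()).add(c.botnet)
    rules = []
    for i, ((host, port), names) in enumerate(sorted(tags.items())):
        msg = "RedLine C2 " + "/".join(sorted(names))
        rules.append(
            f'alert tcp $HOME_NET any -> {host} {port} (msg:"{msg}"; '
            f"flow:to_server; sid:{base_sid + i}; rev:1;)"
        )
    return rules


# Constructed line layout: "<timestamp> <image> <src>:<sport> -> <dst>:<dport>"
CONN_RE = re.compile(
    r"^(?P<ts>\S+) (?P<image>\S+) (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_conn(line: str) -> dict | None:
    m = CONN_RE.match(line.strip())
    if not m:
        return None  # unparseable lines are skipped, not treated as hits
    ev = m.groupdict()
    ev["sport"], ev["dport"] = int(ev["sport"]), int(ev["dport"])
    return ev


def match_connections(lines, endpoints) -> list[dict]:
    """Return parsed events whose (dst, dport) is a known C2 endpoint."""
    return [ev for ev in map(parse_conn, lines)
            if ev and (ev["dst"], ev["dport"]) in endpoints]


# Constructed sample log. Only the second line is a real hit: the third goes
# to the same IP on port 80, which exact endpoint matching deliberately skips.
SAMPLE_LOG = [
    "2023-03-23T10:01:02Z C:\\Windows\\System32\\svchost.exe 10.0.0.15:49710 -> 13.107.4.50:443",
    "2023-03-23T10:01:09Z C:\\Users\\victim\\Downloads\\sample.exe 10.0.0.15:49712 -> 193.233.20.31:4125",
    "2023-03-23T10:01:10Z C:\\Users\\victim\\Downloads\\sample.exe 10.0.0.15:49713 -> 193.233.20.31:80",
    "2023-03-23T10:01:11Z garbage line",
]

if __name__ == "__main__":
    for rule in suricata_rules(CONFIGS, 1000001):
        print(rule)
    for hit in match_connections(SAMPLE_LOG, c2_endpoints(CONFIGS)):
        print(f'{hit["ts"]} {hit["image"]} -> {hit["dst"]}:{hit["dport"]}')
```

Matching on the full (host, port) pair keeps the rule precise to what the report supports; if you want to catch the same host on other ports, derive a second, lower-confidence IOC set from the host alone rather than loosening this one.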
Targets
Target: ff5129ad99d06f7c68ef169c6cf87d31e2df9ff004bd5c2e35f5078d6dbe7049
Size: 544KB
MD5: fe8bf842e22953072722698d71cb5135
SHA1: b01ba58d2a3748b3aa79827f1fce8da086decb35
SHA256: ff5129ad99d06f7c68ef169c6cf87d31e2df9ff004bd5c2e35f5078d6dbe7049
SHA512: dc4957adbd321da48df1979c90704e67ceaf35dcbda01481424cdc04fd71fa1baf357d8c032233864207f4b11144800e0fa7fe80d99928e3b375d64cd0b1e1d3
SSDEEP: 12288:2MrAy90qzgBFpSxA4LqgUuML7wxWeCs0PHHhTU3NjF:ayLzgyAADMHftPnlk7
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
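Two of the behaviours above are registry-visible: the Run key write that gives the sample persistence, and the reads under the Uninstall key that enumerate installed software. The script below is an added example (my code, not the sandbox's signature logic and not taken from the report) that classifies a registry API trace into those two findings. The trace layout (tab-separated pid, API name, key path, optional value name and data) is constructed for this example, as are the process ids, GUIDs and paths in SAMPLE_TRACE; the helper names (parse_line, classify) and the UNINSTALL_MIN_SUBKEYS threshold are mine.

```python
"""Classify registry API calls into the two behaviours flagged above:
a value written under a Run key (persistence) and enumeration of the
Uninstall key (installed-software discovery).

Added example, not part of the sandbox report. The tab-separated trace
layout is constructed; adapt parse_line() to the API trace or Sysmon
export (Event ID 13 for value sets) you actually have. Note that Sysmon
does not log registry reads, so the Uninstall enumeration half needs an
API-hooking trace such as a sandbox produces.
"""
from __future__ import annotations

import re
from collections import defaultdict

# Run and RunOnce under HKCU/HKLM (and the Wow6432Node mirror) are the
# autostart keys the "Adds Run key" signature refers to.
RUN_KEY_RE = re.compile(
    r"\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?$",
    re.IGNORECASE,
)
# Uninstall key; the optional group captures the per-product subkey.
UNINSTALL_KEY_RE = re.compile(
    r"\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall"
    r"(?:\\(?P<sub>[^\\]+))?",
    re.IGNORECASE,
)
WRITE_APIS = {"RegSetValueExA", "RegSetValueExW"}
READ_APIS = {"RegOpenKeyExA", "RegOpenKeyExW", "RegEnumKeyExA", "RegEnumKeyExW",
             "RegQueryValueExA", "RegQueryValueExW"}
# Opening one product subkey is normal (installers, updaters, inventory agents);
# touching several distinct subkeys from one process is the enumeration signal.
UNINSTALL_MIN_SUBKEYS = 3  # assumed threshold, tune to your environment


def parse_line(line: str) -> dict | None:
    """Parse 'pid<TAB>api<TAB>key[<TAB>value[<TAB>data]]'; None if malformed."""
    parts = line.rstrip("\n").split("\t")
    if len(parts) < 3 or not parts[0].isdigit():
        return None
    return {
        "pid": int(parts[0]),
        "api": parts[1],
        "key": parts[2],
        "value": parts[3] if len(parts) > 3 else "",
        "data": parts[4] if len(parts) > 4 else "",
    }


def classify(lines) -> dict[str, list[dict]]:
    """Return findings keyed by behaviour name."""
    findings: dict[str, list[dict]] = defaultdict(list)
    uninstall_subkeys: dict[int, set[str]] = defaultdict(set)
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        # Persistence: any value set directly under a Run/RunOnce key.
        if ev["api"] in WRITE_APIS and RUN_KEY_RE.search(ev["key"]):
            findings["persistence_run_key"].append(
                {"pid": ev["pid"], "key": ev["key"],
                 "value": ev["value"], "data": ev["data"]})
            continue
        # Discovery: collect distinct Uninstall subkeys read per process.
        m = UNINSTALL_KEY_RE.search(ev["key"])
        if ev["api"] in READ_APIS and m and m.group("sub"):
            uninstall_subkeys[ev["pid"]].add(m.group("sub"))
    for pid, subs in uninstall_subkeys.items():
        if len(subs) >= UNINSTALL_MIN_SUBKEYS:
            findings["enumerates_installed_software"].append(
                {"pid": pid, "subkeys": len(subs)})
    return dict(findings)


# Constructed trace. pid 4120 stands in for the sample; 1344 and 2200 are
# benign noise (a theme lookup, an updater opening its own Uninstall entry).
U = "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"
SAMPLE_TRACE = [
    "4120\tRegOpenKeyExW\tHKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
    "4120\tRegSetValueExW\tHKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"
    "\tUpdater\tC:\\Users\\victim\\AppData\\Roaming\\updater.exe",
    f"4120\tRegOpenKeyExW\t{U}",
    f"4120\tRegEnumKeyExW\t{U}\\{{7E2B7B1E-0001-4000-8000-000000000001}}",
    f"4120\tRegQueryValueExW\t{U}\\{{7E2B7B1E-0001-4000-8000-000000000001}}\tDisplayName",
    f"4120\tRegEnumKeyExW\t{U}\\{{7E2B7B1E-0002-4000-8000-000000000002}}",
    f"4120\tRegEnumKeyExW\t{U}\\Google Chrome",
    "1344\tRegQueryValueExW\tHKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Themes\tCurrentTheme",
    f"2200\tRegOpenKeyExW\t{U}\\Google Chrome",
    "2200\tRegSetValueExW\tHKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\tHidden\t1",
]

if __name__ == "__main__":
    for name, items in classify(SAMPLE_TRACE).items():
        print(name, items)
```

The Run key check fires on a single write because one autostart entry is already the persistence event; the Uninstall check needs several distinct subkeys from the same process because a single open of one product's entry is routine. Both regexes deliberately ignore the hive prefix, so HKCU, HKLM and the Wow6432Node mirror are all covered.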