General
-
Target
ed140ced83cf7b8aaca5b8aa9f12fd79eec8c2150fceb9f77b5a5a7c0b116673
-
Size
546KB
-
Sample
230323-25rxcsag36
-
MD5
7acab2851cf95e40f566790e449201cc
-
SHA1
63e100f404982cbe8b1cd92039cdef76fbd6407e
-
SHA256
ed140ced83cf7b8aaca5b8aa9f12fd79eec8c2150fceb9f77b5a5a7c0b116673
-
SHA512
01ac09a096e8e8264a9c4f85d6e2d0267fb15c2541018d8adb77e1e1c86f76673d832cc37e33d465db183e61cece0359142085b8298533bf7628bf7510ab47fa
-
SSDEEP
12288:cMrey90MOPW8SPsAMyBNYqs1hyaxvrqjKTOXx6RCnpaWGwdjaH:iyPOPTSkcBNfsWaxv2WYIQpacB2
Static task
static1
Behavioral task
behavioral1
Sample
ed140ced83cf7b8aaca5b8aa9f12fd79eec8c2150fceb9f77b5a5a7c0b116673.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
down
193.233.20.31:4125
-
auth_value
12c31a90c72f5efae8c053a0bd339381
Extracted
redline
lown
193.233.20.31:4125
-
auth_value
4cf836e062bcdc2a4fdbf410f5747ec7
Targets
-
-
Target
ed140ced83cf7b8aaca5b8aa9f12fd79eec8c2150fceb9f77b5a5a7c0b116673
-
Size
546KB
-
MD5
7acab2851cf95e40f566790e449201cc
-
SHA1
63e100f404982cbe8b1cd92039cdef76fbd6407e
-
SHA256
ed140ced83cf7b8aaca5b8aa9f12fd79eec8c2150fceb9f77b5a5a7c0b116673
-
SHA512
01ac09a096e8e8264a9c4f85d6e2d0267fb15c2541018d8adb77e1e1c86f76673d832cc37e33d465db183e61cece0359142085b8298533bf7628bf7510ab47fa
-
SSDEEP
12288:cMrey90MOPW8SPsAMyBNYqs1hyaxvrqjKTOXx6RCnpaWGwdjaH:iyPOPTSkcBNfsWaxv2WYIQpacB2
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-