General

Target: 9186f6fc9d8321c105ca4dfe36dcc94866d679a8b41e2d958a20be8fb9ec4bcb
Size: 690KB
Sample: 230323-278mwsag46
MD5: d2c16eab586293a77cec6a20c1146809
SHA1: fdd9c29319ae6278281a03ee5f6f40caa78fb6d6
SHA256: 9186f6fc9d8321c105ca4dfe36dcc94866d679a8b41e2d958a20be8fb9ec4bcb
SHA512: 7d03c48e2f5c3c3674a21454f6604e78f61dd2456b3145fcd72de4d89380a4f5c4819f8ac3d910a832604ea8d50d378da089c51b3fa9eabb6ab311c7f651ea29
SSDEEP: 12288:aMA1XlYcsasrYwYVQ7UsioJ8ijdV/EPUsWqunPfEzWfdkfvR1d/tXmwH:aM03s6w5UsPjD//sWqofEifG75tXvH
Static task: static1
Behavioral task: behavioral1
Sample: 9186f6fc9d8321c105ca4dfe36dcc94866d679a8b41e2d958a20be8fb9ec4bcb.exe
Resource: win10v2004-20230220-en
Malware Config

Extracted: redline
down
193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381

Extracted: redline
real
193.233.20.31:4125
auth_value: bb22a50228754849387d5f4d1611e71b
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.