General
Target: 3195865cf83f6623b2920e810d582164fa7f82ec399a2dd4a45ab3b8b9f40bda
Size: 546KB
Sample: 230323-27ckfsag43
MD5: 29bbb76395051da0cee395b19e177ce5
SHA1: e23f2a6c3241802076d95f2f0f5c4f7eb7f86168
SHA256: 3195865cf83f6623b2920e810d582164fa7f82ec399a2dd4a45ab3b8b9f40bda
SHA512: 11248cd4f8047d9c64116febf5277bc7cd5b576551ffb865c4c755603c8667ca7ef46570435bd25e47289904631f9dd81debfcd42f785f923a1d0be06a5ee4e9
SSDEEP: 12288:eMrcy90GQlvHej0dbH0ORS5nuTZ28DXBtInU0eaPTDjN:WyslPeO/S5uF28DRWnNea/p
Static task: static1
Behavioral task: behavioral1
Sample: 3195865cf83f6623b2920e810d582164fa7f82ec399a2dd4a45ab3b8b9f40bda.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
down
193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted: redline
real
193.233.20.31:4125
auth_value: bb22a50228754849387d5f4d1611e71b
Targets
Target: 3195865cf83f6623b2920e810d582164fa7f82ec399a2dd4a45ab3b8b9f40bda
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.