General
- Target: f4b5e1484dd11f2a5a8c0375aab5b74022c9875305ab77499443421e60b1e585
- Size: 544KB
- Sample: 230323-2ag4nsae63
- MD5: e6260e9452611c15b026f9ef6e306a5c
- SHA1: 6eac4e56930a9bc02572f2dee31c25a0c3fd86ab
- SHA256: f4b5e1484dd11f2a5a8c0375aab5b74022c9875305ab77499443421e60b1e585
- SHA512: a19a915470dbbb666f59d954971ef4c370570e542009a4e396e85770f6912209103912766df1054c3f7f60fd36af875464eafc7a76b0bb5482ac3eae6d76c694
- SSDEEP: 12288:MMr8y90i9ZynAQGI75ptcDWqgUZMLHwzUQJj/LcADB:IyPUnD7VcDCUMzKUAj/Lcq
Static task: static1

Behavioral task: behavioral1
- Sample: f4b5e1484dd11f2a5a8c0375aab5b74022c9875305ab77499443421e60b1e585.exe
- Resource: win10-20230220-en
Malware Config

Extracted
- Family: redline
- Botnet: down
- C2: 193.233.20.31:4125
- auth_value: 12c31a90c72f5efae8c053a0bd339381

Extracted
- Family: redline
- Botnet: real
- C2: 193.233.20.31:4125
- auth_value: bb22a50228754849387d5f4d1611e71b
Targets
- Target: f4b5e1484dd11f2a5a8c0375aab5b74022c9875305ab77499443421e60b1e585
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.