General
Target: 8904faf1bd1ec1d7e06c0d3ca1b3bf940e040c20a678164180d264fe8ebf16a2
Size: 544KB
Sample: 230323-2mv63acf4s
MD5: ad7d1dab3deb06e51bfc88f76096f5fe
SHA1: cf5b3681d3952c9b6072e8ed230f0f8378f2d5cd
SHA256: 8904faf1bd1ec1d7e06c0d3ca1b3bf940e040c20a678164180d264fe8ebf16a2
SHA512: 0f5d77515954593fcfe9f59a128743756c842498687ec8548009e204029ffacbce4b66d73801e029df56ec90ccbfb3969bf145734ac7a0b0086d126991cbb16d
SSDEEP: 12288:nMr0y90oQq3HJJwGWqeft0OqSfqgUVML6wh++xPlDTXQ:ryB3IGWb9cMe8xPZXQ
Static task: static1
Behavioral task: behavioral1
Sample: 8904faf1bd1ec1d7e06c0d3ca1b3bf940e040c20a678164180d264fe8ebf16a2.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted: redline
Botnet: down
C2: 193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted: redline
Botnet: real
C2: 193.233.20.31:4125
auth_value: bb22a50228754849387d5f4d1611e71b
Both extracted configs point at the same C2 endpoint (193.233.20.31 on TCP port 4125) and differ only in botnet ID and auth_value, so one network indicator covers both.
Targets
Target: 8904faf1bd1ec1d7e06c0d3ca1b3bf940e040c20a678164180d264fe8ebf16a2
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload: the sample matched the RedLine payload signature.
Executes dropped EXE: the sample wrote an executable to disk and then launched it.
Accesses cryptocurrency files/wallets, possible credential harvesting: wallet files on the host were read, consistent with the stealer's data collection.
Adds Run key to start application: a value was written under a CurrentVersion\Run key so the payload starts at logon (persistence).
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
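The signatures above and the extracted C2 can be turned into a small trace-replay detector. The following is an added example written for this page; it is not code from the sandbox or from the RedLine family. The event dict shape it consumes ("type", "op", "process", and "path"/"image"/"dst"/"port") is an assumption made for the example, as are the wallet directory names and every path in the constructed trace; only the C2 host and port come from the report's extracted config.

```python
"""Replay a process trace against the behaviours listed in this report.

Added example for this page, not code from the sandbox or from RedLine.
The event dict shape ("type", "op", "process", "path"/"image"/"dst"/"port")
is an assumption for the example; map your own EDR or sandbox trace fields
onto it. Only the C2 endpoint comes from the report's extracted config.
"""
import re

# From the report: both RedLine configs ("down" and "real") use one C2.
C2_HOST, C2_PORT = "193.233.20.31", 4125

RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?(\\|$)", re.I)
UNINSTALL_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)
# Wallet directory names are an assumption; the report only says
# "cryptocurrency files/wallets".
WALLET_PATH = re.compile(r"\\(Exodus|Electrum|Ethereum\\keystore|Armory|Atomic|Jaxx)(\\|$)", re.I)


def detect(events, sample_image):
    """Return [(event_index, signature), ...] for the sample and its descendants.

    Only events whose "process" is the sample or a process it (transitively)
    created are considered, so a Run key written by explorer.exe does not
    count. "Executes dropped EXE" is decided statefully: the launched image
    must have been written by an in-scope process earlier in the trace.
    """
    in_scope = {sample_image.lower()}
    dropped = set()
    hits = []
    for i, ev in enumerate(events):
        if ev.get("process", "").lower() not in in_scope:
            continue
        kind, op = ev["type"], ev["op"]
        if kind == "file" and op == "write" and ev["path"].lower().endswith(".exe"):
            dropped.add(ev["path"].lower())
        elif kind == "process" and op == "create":
            child = ev["image"].lower()
            in_scope.add(child)
            if child in dropped:
                hits.append((i, "Executes dropped EXE"))
        elif kind == "registry" and op == "set" and RUN_KEY.search(ev["path"]):
            hits.append((i, "Adds Run key to start application"))
        elif kind == "registry" and op in ("query", "enum") and UNINSTALL_KEY.search(ev["path"]):
            hits.append((i, "Checks installed software on the system"))
        elif kind == "file" and op == "read" and WALLET_PATH.search(ev["path"]):
            hits.append((i, "Accesses cryptocurrency files/wallets"))
        elif kind == "network" and op == "connect" and (ev["dst"], ev["port"]) == (C2_HOST, C2_PORT):
            hits.append((i, "Connects to RedLine C2 %s:%d" % (C2_HOST, C2_PORT)))
    return hits


def summary(events, sample_image):
    """Distinct signatures fired, sorted."""
    return sorted({sig for _, sig in detect(events, sample_image)})


# Constructed trace (not the report's behavioural log); all paths are made up.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\8904faf1bd1ec1d7e06c0d3ca1b3bf940e040c20a678164180d264fe8ebf16a2.exe"
PAYLOAD = r"C:\Users\Admin\AppData\Local\Temp\payload.exe"
EVENTS = [
    {"type": "registry", "op": "enum", "process": SAMPLE,
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"type": "file", "op": "write", "process": SAMPLE, "path": PAYLOAD},
    {"type": "process", "op": "create", "process": SAMPLE, "image": PAYLOAD},
    {"type": "registry", "op": "set", "process": PAYLOAD,
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\payload"},
    {"type": "file", "op": "read", "process": PAYLOAD,
     "path": r"C:\Users\Admin\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"type": "network", "op": "connect", "process": PAYLOAD, "dst": C2_HOST, "port": C2_PORT},
    # Out of scope: a legitimate process touching the same Run key.
    {"type": "registry", "op": "set", "process": r"C:\Windows\explorer.exe",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive"},
    # In scope but wrong port: must not be reported as the C2.
    {"type": "network", "op": "connect", "process": SAMPLE, "dst": C2_HOST, "port": 443},
]

if __name__ == "__main__":
    for idx, sig in detect(EVENTS, SAMPLE):
        print(f"event {idx}: {sig}")
```

The process-scope filter is what keeps the Run key and Uninstall key checks from firing on ordinary system activity; the same registry paths are touched constantly by legitimate software, so these indicators are only meaningful when tied to the sample's process tree. The C2 match is deliberately host-and-port exact because the report gives a single endpoint; a connection from the sample to the same host on another port is still worth logging, but it is not the indicator this report supports.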