General
Target: ea0c7115fdc4f3579da235b114adca3e5c6af5c0b29841a2f485a7ff58293613
Size: 544KB
Sample: 230323-2r9j9aaf58
MD5: 3e02e71cfc416f1a0c8fe0aca1133aba
SHA1: 0a18d3038e37954f7b99d207b80d84278b60ab9a
SHA256: ea0c7115fdc4f3579da235b114adca3e5c6af5c0b29841a2f485a7ff58293613
SHA512: 08d7a185295862fb5e5f4cef9faa71a482a3114df6241ea20c396e9e0dd98b10777ac05361fe1137a273cb1597cbfe87cbdd4755565b11856f1eaebc90fa6e7e
SSDEEP: 12288:yMrIy90Hm5v6WI6ORqletmFPqqgUIML8wNBaTGHjKNP0xt:Gyy+SrO8mR+BMAcAGDKNP0v
Static task: static1
Behavioral task: behavioral1
Sample: ea0c7115fdc4f3579da235b114adca3e5c6af5c0b29841a2f485a7ff58293613.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
Botnet: down
C2: 193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted: redline
Botnet: real
C2: 193.233.20.31:4125
auth_value: bb22a50228754849387d5f4d1611e71b
Both extracted configs point at the same C2 endpoint and differ only in botnet ID and auth_value.
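The practical use of an extracted config is to turn it into IOCs you can run against telemetry. The following is an added example, not part of the sandbox report: it parses the two RedLine config records above, as embedded in the sandbox's flattened one-field-per-line form, and matches the resulting C2 endpoints against a constructed Zeek-style conn.log excerpt. The C2 address, botnet IDs and auth_values are the ones the report lists; the log rows, client IPs and connection UIDs are made up for illustration. A host-only match (right IP, different port) is reported separately as weaker evidence, since a stealer's C2 host can serve other ports.

```python
"""IOC matcher derived from the RedLine configuration this report extracted.

Added example, not part of the sandbox report. The config records below are
copied from the report; the connection log is constructed for illustration.
"""
from __future__ import annotations

import csv
import io
import re
from collections import defaultdict
from dataclasses import dataclass

# The report's two extracted configs, in the sandbox's flattened one-field-per-line form.
REPORT_CONFIG = """\
Extracted
redline
down
193.233.20.31:4125
-
auth_value
12c31a90c72f5efae8c053a0bd339381
Extracted
redline
real
193.233.20.31:4125
-
auth_value
bb22a50228754849387d5f4d1611e71b
"""

# Constructed Zeek-style conn.log excerpt: ts, uid, src, sport, dst, dport, proto.
# Rows 1 and 3 are made up to reach the C2 host; row 2 is benign filler.
CONSTRUCTED_CONN_LOG = """\
1679600000.1\tC1\t10.0.0.5\t49712\t193.233.20.31\t4125\ttcp
1679600001.2\tC2\t10.0.0.7\t49713\t203.0.113.9\t443\ttcp
1679600002.3\tC3\t10.0.0.5\t49714\t193.233.20.31\t80\ttcp
"""

_C2_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")
_AUTH_RE = re.compile(r"^[0-9a-f]{32}$")


@dataclass(frozen=True)
class RedLineConfig:
    botnet: str
    c2_host: str
    c2_port: int
    auth_value: str


def parse_configs(text: str) -> list[RedLineConfig]:
    """Parse 'Extracted / redline / <botnet> / <host:port> / auth_value / <hex>' records.

    Separator lines ('-') and blank lines are ignored; a malformed record raises
    rather than silently yielding a bad IOC.
    """
    lines = [ln.strip() for ln in text.splitlines() if ln.strip() and ln.strip() != "-"]
    configs: list[RedLineConfig] = []
    i = 0
    while i < len(lines):
        if lines[i] != "Extracted":
            i += 1
            continue
        rec = lines[i + 1 : i + 6]
        if len(rec) != 5 or rec[0] != "redline" or rec[3] != "auth_value":
            raise ValueError(f"malformed config record starting at field {i}")
        c2 = _C2_RE.match(rec[2])
        if c2 is None or not _AUTH_RE.match(rec[4]):
            raise ValueError(f"bad C2 or auth_value in record starting at field {i}")
        configs.append(RedLineConfig(rec[1], c2.group(1), int(c2.group(2)), rec[4]))
        i += 6
    return configs


@dataclass(frozen=True)
class Hit:
    uid: str
    src: str
    dst: str
    dport: int
    botnets: tuple[str, ...]  # empty when only the host matched, not the port
    exact: bool


def match_conn_log(log_text: str, configs: list[RedLineConfig]) -> list[Hit]:
    """Flag flows to a configured C2. An exact host:port match names the botnet
    IDs sharing that endpoint; a host-only match is reported as weaker evidence."""
    by_endpoint: dict[tuple[str, int], set[str]] = defaultdict(set)
    for c in configs:
        by_endpoint[(c.c2_host, c.c2_port)].add(c.botnet)
    hosts = {h for h, _ in by_endpoint}

    hits: list[Hit] = []
    for row in csv.reader(io.StringIO(log_text), delimiter="\t"):
        if len(row) < 7:
            continue
        _ts, uid, src, _sport, dst, dport, _proto = row[:7]
        port = int(dport)
        if (dst, port) in by_endpoint:
            hits.append(Hit(uid, src, dst, port, tuple(sorted(by_endpoint[(dst, port)])), True))
        elif dst in hosts:
            hits.append(Hit(uid, src, dst, port, (), False))
    return hits


if __name__ == "__main__":
    cfgs = parse_configs(REPORT_CONFIG)
    for h in match_conn_log(CONSTRUCTED_CONN_LOG, cfgs):
        print(h)
```

Because both configs share one endpoint, a single flow to 193.233.20.31:4125 is attributed to both botnet IDs; only the auth_value distinguishes the builds, and that value is not something a network log will show you, so keep it as a sample-level attribute rather than a network IOC.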
Targets
Target: ea0c7115fdc4f3579da235b114adca3e5c6af5c0b29841a2f485a7ff58293613
Size: 544KB
MD5: 3e02e71cfc416f1a0c8fe0aca1133aba
SHA1: 0a18d3038e37954f7b99d207b80d84278b60ab9a
SHA256: ea0c7115fdc4f3579da235b114adca3e5c6af5c0b29841a2f485a7ff58293613
SHA512: 08d7a185295862fb5e5f4cef9faa71a482a3114df6241ea20c396e9e0dd98b10777ac05361fe1137a273cb1597cbfe87cbdd4755565b11856f1eaebc90fa6e7e
SSDEEP: 12288:yMrIy90Hm5v6WI6ORqletmFPqqgUIML8wNBaTGHjKNP0xt:Gyy+SrO8mR+BMAcAGDKNP0v
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
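Two of the behavioral signatures above, "Executes dropped EXE" and "Adds Run key to start application", map directly onto endpoint telemetry. The following is an added example, not the sandbox's own signature logic: it correlates Sysmon FileCreate (event 11) and ProcessCreate (event 1) records to detect a newly written executable being launched, and flags RegistryEvent SetValue (event 13) writes under a CurrentVersion\Run or RunOnce key. The event records are constructed with the field names Sysmon actually emits; the file paths, process names and SID in them are made up, since the report does not name the dropped file.

```python
"""Behavioral checks for the 'Executes dropped EXE' and 'Adds Run key' signatures
over Sysmon telemetry.

Added example, not the sandbox's own signature code. The events below are
constructed (fake paths and SID) using the field names Sysmon emits.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Sysmon event IDs used: 1 ProcessCreate, 11 FileCreate, 13 RegistryEvent (SetValue).
# Events are assumed to arrive in chronological order, as a log export would be.
CONSTRUCTED_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\user\Desktop\sample.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 11, "Image": r"C:\Users\user\Desktop\sample.exe",
     "TargetFilename": r"C:\Users\user\AppData\Local\Temp\dropped.exe"},
    {"EventID": 1, "Image": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
     "ParentImage": r"C:\Users\user\Desktop\sample.exe"},
    {"EventID": 13, "EventType": "SetValue",
     "Image": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
     "TargetObject": r"HKU\S-1-5-21-1000-1000-1000-1001\Software\Microsoft\Windows\CurrentVersion\Run\dropped",
     "Details": r"C:\Users\user\AppData\Local\Temp\dropped.exe"},
    # Benign registry write that must not trigger the Run-key check.
    {"EventID": 13, "EventType": "SetValue",
     "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common",
     "Details": r"C:\ProgramData"},
]

# Matches ...\CurrentVersion\Run\<value> and ...\CurrentVersion\RunOnce\<value>
# under either HKLM or a user hive.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    signature: str
    image: str   # process the finding is attributed to
    detail: str  # dropper image, or registry value written


def evaluate_sysmon(events: list[dict]) -> list[Finding]:
    """Correlate FileCreate -> ProcessCreate for 'Executes dropped EXE' and flag
    SetValue writes under ...\\CurrentVersion\\Run(Once) for 'Adds Run key'."""
    dropped: dict[str, str] = {}  # lower-cased dropped path -> image that wrote it
    findings: list[Finding] = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == 11 and ev.get("TargetFilename", "").lower().endswith(".exe"):
            dropped[ev["TargetFilename"].lower()] = ev["Image"]
        elif eid == 1 and ev.get("Image", "").lower() in dropped:
            findings.append(Finding("executes_dropped_exe", ev["Image"],
                                    dropped[ev["Image"].lower()]))
        elif (eid == 13 and ev.get("EventType") == "SetValue"
              and RUN_KEY_RE.search(ev.get("TargetObject", ""))):
            detail = ev["TargetObject"]
            if ev.get("Details", "").lower() in dropped:
                # Persistence pointing at a file this same trace saw being dropped
                # is a much stronger signal than a Run-key write on its own.
                detail += " -> dropped EXE " + ev["Details"]
            findings.append(Finding("adds_run_key", ev["Image"], detail))
    return findings


if __name__ == "__main__":
    for f in evaluate_sysmon(CONSTRUCTED_EVENTS):
        print(f)
```

Sysmon records registry value creation, deletion, setting and renaming (events 12 to 14) but not reads, so the report's "Checks installed software on the system" signature (Uninstall key lookups) is not visible this way; that behavior only shows up in API-level tracing such as a sandbox hook, not in standard endpoint telemetry.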