General
Target: 6a5b3058ee33e5603266ffe288215943e34303e55844cca2ac00bddaf4708115
Size: 546KB
Sample: 230323-31mmhsch8w
MD5: f7795fd1392be75ab89ba32cbc718a7e
SHA1: 1db4960cb9b7a24ed6bc4dc16f770e5834dbe7fe
SHA256: 6a5b3058ee33e5603266ffe288215943e34303e55844cca2ac00bddaf4708115
SHA512: 6277a609aa1bda7b50602b5b231f49fbb6647122a46f121bdf8721812785bb8c313eeec2fd82aff720736cda9218a369431ce18056918794020ad247fd891da9
SSDEEP: 6144:KXy+bnr+4p0yN90QE+KANBepsIZSvwHyHvQsFNRaSH7z9Oq+TT4IMRubuuZdgtfm:ZMroy90MKCgs0R9TgMAtrTZVOkoU3ZA
Static task: static1
Behavioral task: behavioral1
Sample: 6a5b3058ee33e5603266ffe288215943e34303e55844cca2ac00bddaf4708115.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline (down), 193.233.20.31:4125, auth_value 12c31a90c72f5efae8c053a0bd339381
Extracted: redline (real), 193.233.20.31:4125, auth_value bb22a50228754849387d5f4d1611e71b
Targets
Target: 6a5b3058ee33e5603266ffe288215943e34303e55844cca2ac00bddaf4708115
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.