General
Target: 6139562cd1d6a37906e77f90b35fd222347b040a1bba8e80606f7b7d540babf2
Size: 690KB
Sample: 230323-3a1fpacg8y
MD5: 6ceb02e5279de080379bd38c5e6a098e
SHA1: e7751ee0e3a39310bbdfad375e8020ab4e31352a
SHA256: 6139562cd1d6a37906e77f90b35fd222347b040a1bba8e80606f7b7d540babf2
SHA512: 7dc1136f9a00e6b45d2361d099adc0e432d204d4407883a23758d39bb9b22ea79245d32c5fae427f0d06222680c6b9e976b3de613e4905d125f57b7cb81d3711
SSDEEP: 12288:GMA1XlYcsasrYwYVQ7UsioJ8ijdV/EPUsWqunPfEzWfdkfvR1d/tXmwH:GM03s6w5UsPjD//sWqofEifG75tXvH
Static task: static1
Behavioral task: behavioral1
Sample: 6139562cd1d6a37906e77f90b35fd222347b040a1bba8e80606f7b7d540babf2.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted: redline
- down
- 193.233.20.31:4125
- auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted: redline
- real
- 193.233.20.31:4125
- auth_value: bb22a50228754849387d5f4d1611e71b
Targets
Target: 6139562cd1d6a37906e77f90b35fd222347b040a1bba8e80606f7b7d540babf2
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.