General
Target: 4c77359d3430502da9958d6771fa43e8d243ba857638190605b060f6d847a20d
Size: 546KB
Sample: 230323-3cks1scg9w
MD5: 69009081eb41ce6590dc4955137c3ecb
SHA1: 571ab1bb96b35239c1fdf29b842aab1c87bcff67
SHA256: 4c77359d3430502da9958d6771fa43e8d243ba857638190605b060f6d847a20d
SHA512: db7f6799e0d4590341bbda4d65476872f2b594196214361efe7fe070ce67d219db570838ad6da03ef4a291e2a5229afa4e9764315d80dbdc9e095fc2c7d5a243
SSDEEP: 12288:6Mrky90FWUsJ8J3YiJ892/KGUryje0STTGhZUpX+QFLY0z:Cy89saJD8s/tWyqjuPWX+Qdlz
Static task: static1
Behavioral task: behavioral1
Sample: 4c77359d3430502da9958d6771fa43e8d243ba857638190605b060f6d847a20d.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
  Family: redline
  Botnet: down
  C2: 193.233.20.31:4125
  auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted
  Family: redline
  Botnet: real
  C2: 193.233.20.31:4125
  auth_value: bb22a50228754849387d5f4d1611e71b
Targets
Target: 4c77359d3430502da9958d6771fa43e8d243ba857638190605b060f6d847a20d
Size: 546KB
MD5: 69009081eb41ce6590dc4955137c3ecb
SHA1: 571ab1bb96b35239c1fdf29b842aab1c87bcff67
SHA256: 4c77359d3430502da9958d6771fa43e8d243ba857638190605b060f6d847a20d
SHA512: db7f6799e0d4590341bbda4d65476872f2b594196214361efe7fe070ce67d219db570838ad6da03ef4a291e2a5229afa4e9764315d80dbdc9e095fc2c7d5a243
SSDEEP: 12288:6Mrky90FWUsJ8J3YiJ892/KGUryje0STTGhZUpX+QFLY0z:Cy89saJD8s/tWyqjuPWX+Qdlz

- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.