General

Target: fa5b31650c6d74eadbb2c01d750513f0333ea0079dd1c56037aaa24a86209709
Size: 547KB
Sample: 230323-3psdmaah36
MD5: 9514d04105f6a0d2d869293dd02aa2f9
SHA1: da06397d95a116b3d2fceda5e50f7480fd9157df
SHA256: fa5b31650c6d74eadbb2c01d750513f0333ea0079dd1c56037aaa24a86209709
SHA512: f2b759b407c3fba8c2c3816fe530581271d1dbcdba12387c734d4e9d96092daf7bf52461c9d4f0f1060a8963d7609ddd07e6608ce8fe27b0527bc052963e83c8
SSDEEP: 12288:eMrQy90n0PWehBsNEGnlm8uxT/s4Y+jsCW:6yevQ8aDNhQ9
Static task: static1
Behavioral task: behavioral1
Sample: fa5b31650c6d74eadbb2c01d750513f0333ea0079dd1c56037aaa24a86209709.exe
Resource: win10v2004-20230220-en
Malware Config

Extracted: redline
Botnet: down
C2: 193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381

Extracted: redline
Botnet: real
C2: 193.233.20.31:4125
auth_value: bb22a50228754849387d5f4d1611e71b

Two RedLine configurations were extracted from this sample. Both point at the same C2 endpoint, 193.233.20.31:4125, and differ only in botnet ID ("down" and "real") and auth_value, so a single network indicator covers both while the auth_values distinguish the two builds.
Targets

Target: fa5b31650c6d74eadbb2c01d750513f0333ea0079dd1c56037aaa24a86209709 (547KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
Signatures matched:

RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload: a RedLine payload was identified in the sample.
Executes dropped EXE: the sample writes an executable to disk and runs it.
Accesses cryptocurrency files/wallets, possible credential harvesting.
Adds Run key to start application: persistence through a CurrentVersion\Run registry value.
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
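As an added example, not part of the sandbox report or of any vendor tooling, the following Python script turns the indicators above into a log check: it matches the sample hashes, the C2 endpoint shared by both extracted RedLine configs, and Run-key writes corresponding to the "Adds Run key to start application" signature against Sysmon-style events. The pipe-delimited log format, the file paths, the SID, the benign IP 203.0.113.10 and the benign hash are all constructed for illustration; the Run-key path pattern is generic Windows knowledge, not something the report lists.

```python
"""
Added example (not part of the sandbox report): match the indicators this
report extracted (sample hashes, RedLine C2 endpoint, Run-key persistence)
against Sysmon-style log lines.  The log format and every log line below are
constructed for illustration.
"""
import re

# --- Indicators taken from the report above -------------------------------
SAMPLE_HASHES = {
    "MD5": "9514d04105f6a0d2d869293dd02aa2f9",
    "SHA1": "da06397d95a116b3d2fceda5e50f7480fd9157df",
    "SHA256": "fa5b31650c6d74eadbb2c01d750513f0333ea0079dd1c56037aaa24a86209709",
}
# Both extracted RedLine configs ("down" and "real") use the same C2.
C2_ENDPOINTS = {("193.233.20.31", 4125)}
# "Adds Run key to start application": any value written under a Run key.
# The key path is generic Windows knowledge, not an indicator from the report.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.IGNORECASE)


def parse_line(line: str) -> dict:
    """Parse a constructed 'key=value|key=value' line into a dict.

    Only the first '=' of each field splits key from value, so a Hashes field
    such as 'Hashes=MD5=...,SHA256=...' keeps its inner '=' characters.
    """
    event = {}
    for field in line.strip().split("|"):
        key, sep, value = field.partition("=")
        if sep:
            event[key.strip()] = value.strip()
    return event


def parse_hashes(hashes_field: str) -> dict:
    """Turn 'MD5=...,SHA256=...' into {'MD5': '...', ...}, lower-cased.

    Sysmon emits upper-case hex while the report lists lower-case, so
    normalise before comparing.
    """
    out = {}
    for item in hashes_field.split(","):
        algo, sep, digest = item.partition("=")
        if sep:
            out[algo.strip().upper()] = digest.strip().lower()
    return out


def classify(event: dict) -> list:
    """Return (severity, indicator, detail) tuples for one parsed event."""
    hits = []
    event_id = event.get("EventID")

    if event_id == "1":  # process creation: compare every hash present
        for algo, digest in parse_hashes(event.get("Hashes", "")).items():
            if SAMPLE_HASHES.get(algo) == digest:
                hits.append(("high", f"sample_{algo.lower()}", event.get("Image", "")))

    elif event_id == "3":  # network connection: exact ip:port match on the C2
        try:
            endpoint = (event.get("DestinationIp", ""), int(event.get("DestinationPort", "-1")))
        except ValueError:
            endpoint = (event.get("DestinationIp", ""), -1)
        if endpoint in C2_ENDPOINTS:
            hits.append(("high", "redline_c2",
                         f"{event.get('Image', '')} -> {endpoint[0]}:{endpoint[1]}"))

    elif event_id == "13":  # registry value set: Run-key persistence
        target = event.get("TargetObject", "")
        if RUN_KEY_RE.search(target):
            # Legitimate installers also write Run keys, so on its own this is
            # only medium confidence; correlate with the hash/C2 hits above.
            hits.append(("medium", "run_key_persistence",
                         f"{target} = {event.get('Details', '')}"))

    return hits


def scan(lines) -> list:
    """Scan an iterable of log lines; return one dict per indicator hit."""
    alerts = []
    for number, line in enumerate(lines, start=1):
        if not line.strip():
            continue
        for severity, indicator, detail in classify(parse_line(line)):
            alerts.append({"line": number, "severity": severity,
                           "indicator": indicator, "detail": detail})
    return alerts


# Constructed log lines (illustration only: paths, SID, the benign IP and the
# benign hash are made up; the matching hashes and C2 come from the report).
SAMPLE_LOG = [
    "EventID=1|Image=C:\\Users\\victim\\Downloads\\invoice.exe|Hashes=MD5=9514D04105F6A0D2D869293DD02AA2F9,SHA256=FA5B31650C6D74EADBB2C01D750513F0333EA0079DD1C56037AAA24A86209709",
    "EventID=3|Image=C:\\Users\\victim\\AppData\\Local\\Temp\\dropped.exe|DestinationIp=193.233.20.31|DestinationPort=4125",
    "EventID=13|Image=C:\\Users\\victim\\AppData\\Local\\Temp\\dropped.exe|TargetObject=HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater|Details=C:\\Users\\victim\\AppData\\Roaming\\updater.exe",
    "EventID=3|Image=C:\\Program Files\\Mozilla Firefox\\firefox.exe|DestinationIp=203.0.113.10|DestinationPort=443",
    "EventID=1|Image=C:\\Windows\\System32\\notepad.exe|Hashes=SHA256=0000000000000000000000000000000000000000000000000000000000000000",
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

The hash and C2 matches are exact and rated high; the Run-key match is deliberately rated medium because benign software writes Run values too, so it should be used to corroborate a hash or C2 hit from the same host rather than to alert on its own. Matching on ip:port rather than IP alone avoids alerting on unrelated traffic to the same address, at the cost of missing a port change in a newer build.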