General
-
Target
b56e6fe38668bcefba669cf32f7f784f5e1b048d39f0b203a106161f8b1760c1
-
Size
546KB
-
Sample
230323-3smbsaah53
-
MD5
e270b88fd7048823fd2067dc6202893c
-
SHA1
39d9f536a335afc0446b99ab6ec602a2fed115b6
-
SHA256
b56e6fe38668bcefba669cf32f7f784f5e1b048d39f0b203a106161f8b1760c1
-
SHA512
30f8160d0e3ca1e17cbc4f9b64d532001581d2cb018bb3ffea7059e125a62e08c52994fa4986d207d262d764dc74aa0467891732f4fd876c58bffe7ec5e8a670
-
SSDEEP
12288:gMruy90lAVNUmKgRxsLCjvLziOwITDWVoIHHZZrA7AFn:eyaeUhgAmTzdxfWCMXUAFn
Static task
static1
Behavioral task
behavioral1
Sample
b56e6fe38668bcefba669cf32f7f784f5e1b048d39f0b203a106161f8b1760c1.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
down
193.233.20.31:4125
-
auth_value
12c31a90c72f5efae8c053a0bd339381
Extracted
redline
real
193.233.20.31:4125
-
auth_value
bb22a50228754849387d5f4d1611e71b
Targets
-
-
Target
b56e6fe38668bcefba669cf32f7f784f5e1b048d39f0b203a106161f8b1760c1
-
Size
546KB
-
MD5
e270b88fd7048823fd2067dc6202893c
-
SHA1
39d9f536a335afc0446b99ab6ec602a2fed115b6
-
SHA256
b56e6fe38668bcefba669cf32f7f784f5e1b048d39f0b203a106161f8b1760c1
-
SHA512
30f8160d0e3ca1e17cbc4f9b64d532001581d2cb018bb3ffea7059e125a62e08c52994fa4986d207d262d764dc74aa0467891732f4fd876c58bffe7ec5e8a670
-
SSDEEP
12288:gMruy90lAVNUmKgRxsLCjvLziOwITDWVoIHHZZrA7AFn:eyaeUhgAmTzdxfWCMXUAFn
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-