General
Target: 31279d39409182e3e4fb50b9399866a9369adf46de69601c889cbff9df3e2ca9
Size: 690KB
Sample: 230323-3xd6zach7v
MD5: b81e6329c67b66fc02826bb86b936c4e
SHA1: 41a4a27cdc7da727965fa19521a4317b1d27e8bc
SHA256: 31279d39409182e3e4fb50b9399866a9369adf46de69601c889cbff9df3e2ca9
SHA512: e1efdbac616b22d4f9bcf19d8a2e504b5123f1d344a7a4837bdaf5d0ba38bebc48ccfc4ac736c902880095e2dc5705374e4e6606860bc717cbe3a982a5b6f9c8
SSDEEP: 12288:XMA1XlYcsasrYwYVQ7UsioJ8ijdV/EPUsWqunPfEzWfdkfvR1d/tXmwH:XM03s6w5UsPjD//sWqofEifG75tXvH

Static task: static1
Behavioral task: behavioral1
Sample: 31279d39409182e3e4fb50b9399866a9369adf46de69601c889cbff9df3e2ca9.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
- down
  193.233.20.31:4125
  auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted: redline
- real
  193.233.20.31:4125
  auth_value: bb22a50228754849387d5f4d1611e71b
Targets
Target: 31279d39409182e3e4fb50b9399866a9369adf46de69601c889cbff9df3e2ca9
Size: 690KB
MD5: b81e6329c67b66fc02826bb86b936c4e
SHA1: 41a4a27cdc7da727965fa19521a4317b1d27e8bc
SHA256: 31279d39409182e3e4fb50b9399866a9369adf46de69601c889cbff9df3e2ca9
SHA512: e1efdbac616b22d4f9bcf19d8a2e504b5123f1d344a7a4837bdaf5d0ba38bebc48ccfc4ac736c902880095e2dc5705374e4e6606860bc717cbe3a982a5b6f9c8
SSDEEP: 12288:XMA1XlYcsasrYwYVQ7UsioJ8ijdV/EPUsWqunPfEzWfdkfvR1d/tXmwH:XM03s6w5UsPjD//sWqofEifG75tXvH

Signatures
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.