General
Target: 7662093458b3e4dbef63d87a833fb53796a11b63bbd842470f9bdd0878a98fcb
Size: 544KB
Sample: 230323-tj7fxsgg34
MD5: 9d3231a0a9ab39e4391b3e17e551ca29
SHA1: 3c720a9365e2c7a85db69b7f04bed63b82acd3b7
SHA256: 7662093458b3e4dbef63d87a833fb53796a11b63bbd842470f9bdd0878a98fcb
SHA512: f8fd9d0e1c1d61d3cd65214df08ee1b1ddaeceb5a586d426f93d2e0539d9aaa01367c8e53289080f47c162ec4bc72a72a16ac133da07e9231aa1ad7901be492a
SSDEEP: 6144:KYy+bnr+Fp0yN90QEtaZkgNq9YDXuCeCR+vP0BmaBGAqboWM22QGU7wP8WDgXQnK:QMrJy90Iq9QUCq8j8dIQHsPN8omxaM
Static task: static1
Behavioral task: behavioral1
Sample: 7662093458b3e4dbef63d87a833fb53796a11b63bbd842470f9bdd0878a98fcb.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
down
193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted: redline
lown
193.233.20.31:4125
auth_value: 4cf836e062bcdc2a4fdbf410f5747ec7
Targets
Target: 7662093458b3e4dbef63d87a833fb53796a11b63bbd842470f9bdd0878a98fcb
Size: 544KB
MD5: 9d3231a0a9ab39e4391b3e17e551ca29
SHA1: 3c720a9365e2c7a85db69b7f04bed63b82acd3b7
SHA256: 7662093458b3e4dbef63d87a833fb53796a11b63bbd842470f9bdd0878a98fcb
SHA512: f8fd9d0e1c1d61d3cd65214df08ee1b1ddaeceb5a586d426f93d2e0539d9aaa01367c8e53289080f47c162ec4bc72a72a16ac133da07e9231aa1ad7901be492a
SSDEEP: 6144:KYy+bnr+Fp0yN90QEtaZkgNq9YDXuCeCR+vP0BmaBGAqboWM22QGU7wP8WDgXQnK:QMrJy90Iq9QUCq8j8dIQHsPN8omxaM
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.