General
Target: 395e358ab8e7685f16c6858ff17359d5987db7cc71abf78ba5f8a4fffaf84846
Size: 544KB
Sample: 230323-tv1shsgg85
MD5: e9cde2f39a3eb3d9573f06e83518a948
SHA1: 98cac3864f9c8b8d7e045bb1e591f7af3e14f443
SHA256: 395e358ab8e7685f16c6858ff17359d5987db7cc71abf78ba5f8a4fffaf84846
SHA512: 8f15634d9e33297b9a747a958b17156e7530cfacbfcd1443ba2a562a6c48e4926c32db2bce4e420c75d3280536f9faeeb0a236ed833cba8a4d327d9521f38326
SSDEEP: 12288:bMrIy90L3bHNmKe9Rx3jWLTCUa406JZqiV:HyupFepinC743qiV
Static task: static1
Behavioral task: behavioral1
Sample: 395e358ab8e7685f16c6858ff17359d5987db7cc71abf78ba5f8a4fffaf84846.exe
Resource: win10-20230220-en
Malware Config
Extracted family: redline
Botnet: down
C2: 193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381

Extracted family: redline
Botnet: lown
C2: 193.233.20.31:4125
auth_value: 4cf836e062bcdc2a4fdbf410f5747ec7
Targets
Target: 395e358ab8e7685f16c6858ff17359d5987db7cc71abf78ba5f8a4fffaf84846
Size: 544KB
MD5: e9cde2f39a3eb3d9573f06e83518a948
SHA1: 98cac3864f9c8b8d7e045bb1e591f7af3e14f443
SHA256: 395e358ab8e7685f16c6858ff17359d5987db7cc71abf78ba5f8a4fffaf84846
SHA512: 8f15634d9e33297b9a747a958b17156e7530cfacbfcd1443ba2a562a6c48e4926c32db2bce4e420c75d3280536f9faeeb0a236ed833cba8a4d327d9521f38326
SSDEEP: 12288:bMrIy90L3bHNmKe9Rx3jWLTCUa406JZqiV:HyupFepinC743qiV

Signatures
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.