General
Target: 56f0ce88ba47ff902e11ff24cfd36b81bef4b1eeada25960fd37e9cf2a4d8b84
Size: 678KB
Sample: 230323-v6qx5ahb84
MD5: 579a8391e26ef97841b0e8ac55fc3dc0
SHA1: a42555ae19e4c98565520103c13a55ae660aacec
SHA256: 56f0ce88ba47ff902e11ff24cfd36b81bef4b1eeada25960fd37e9cf2a4d8b84
SHA512: 8fe070ca3147caa74f76760b6afe9b6124e0ef6d8b71ce4f3cf1fba133498de6c4b9970cd65ca3d44bbc40c03463408da40669e409768aa89c9a66558d6ef423
SSDEEP: 12288:HH3E5EayeXnhhxQ4GOxy7NRL8imfK5CSPZNfOObDjtwxlAHTApQZ:nEELe/CQeNGDy5CSPffOOxwSTtZ
Static task: static1
Behavioral task: behavioral1
Sample: 56f0ce88ba47ff902e11ff24cfd36b81bef4b1eeada25960fd37e9cf2a4d8b84.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: down
C2: 193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted
Family: redline
Botnet: real
C2: 193.233.20.31:4125
auth_value: bb22a50228754849387d5f4d1611e71b
Targets
Target: 56f0ce88ba47ff902e11ff24cfd36b81bef4b1eeada25960fd37e9cf2a4d8b84
Size: 678KB
MD5: 579a8391e26ef97841b0e8ac55fc3dc0
SHA1: a42555ae19e4c98565520103c13a55ae660aacec
SHA256: 56f0ce88ba47ff902e11ff24cfd36b81bef4b1eeada25960fd37e9cf2a4d8b84
SHA512: 8fe070ca3147caa74f76760b6afe9b6124e0ef6d8b71ce4f3cf1fba133498de6c4b9970cd65ca3d44bbc40c03463408da40669e409768aa89c9a66558d6ef423
SSDEEP: 12288:HH3E5EayeXnhhxQ4GOxy7NRL8imfK5CSPZNfOObDjtwxlAHTApQZ:nEELe/CQeNGDy5CSPffOOxwSTtZ
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application (registry Run key autostart persistence)
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
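As an added example (not part of this sandbox report), the Python script below turns the indicators above into detection logic: the C2 socket shared by both extracted configs, the sample hashes, and the Run-key persistence behaviour listed in the signatures. It runs over a few constructed Sysmon-style events (IDs 1, 3 and 13 rendered as key=value lines); the events, file paths and the Run value name `Updater` are constructed for illustration and were not observed in the run, while the IOC values are the ones reported above.

```python
import re

# Indicators copied from the report above.
C2_IP = "193.233.20.31"
C2_PORT = 4125
SAMPLE_SHA256 = "56f0ce88ba47ff902e11ff24cfd36b81bef4b1eeada25960fd37e9cf2a4d8b84"
SAMPLE_MD5 = "579a8391e26ef97841b0e8ac55fc3dc0"
# Both extracted configs use the same C2 socket; only botnet tag and auth_value differ.
AUTH_VALUES = {
    "down": "12c31a90c72f5efae8c053a0bd339381",
    "real": "bb22a50228754849387d5f4d1611e71b",
}

RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
USER_WRITABLE_RE = re.compile(r"^[A-Z]:\\Users\\[^\\]+\\(AppData|Downloads|Desktop)\\", re.IGNORECASE)
FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')

# Constructed Sysmon-style events (IDs 1, 3, 13); not from the sandbox run.
CONSTRUCTED_EVENTS = [
    'EventID=1 Image="C:\\Users\\victim\\Downloads\\invoice.exe" Hashes="MD5=579a8391e26ef97841b0e8ac55fc3dc0,SHA256=56f0ce88ba47ff902e11ff24cfd36b81bef4b1eeada25960fd37e9cf2a4d8b84"',
    'EventID=1 Image="C:\\Windows\\System32\\svchost.exe" Hashes="SHA256=0000000000000000000000000000000000000000000000000000000000000000"',
    'EventID=3 Image="C:\\Users\\victim\\AppData\\Local\\Temp\\dropped.exe" DestinationIp=193.233.20.31 DestinationPort=4125 Protocol=tcp',
    'EventID=3 Image="C:\\Program Files\\Mozilla Firefox\\firefox.exe" DestinationIp=193.233.20.31 DestinationPort=443 Protocol=tcp',
    'EventID=13 Image="C:\\Users\\victim\\AppData\\Local\\Temp\\dropped.exe" TargetObject="HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater" Details="C:\\Users\\victim\\AppData\\Roaming\\updater.exe"',
    'EventID=13 Image="C:\\Windows\\System32\\msiexec.exe" TargetObject="HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{GUID}\\DisplayName" Details="Some App"',
]


def parse_event(line):
    """Parse one key=value line into a dict; quoted values may contain spaces."""
    fields = {}
    for key, raw, quoted, bare in FIELD_RE.findall(line):
        fields[key] = quoted if raw.startswith('"') else bare
    return fields


def parse_hashes(hashes):
    """Split a Sysmon Hashes field ('MD5=..,SHA256=..') into a dict."""
    return dict(part.split("=", 1) for part in hashes.split(",") if "=" in part)


def evaluate(event):
    """Return (severity, reason) pairs for one parsed event."""
    hits = []
    eid = event.get("EventID")
    if eid == "1":
        h = parse_hashes(event.get("Hashes", ""))
        if h.get("SHA256", "").lower() == SAMPLE_SHA256 or h.get("MD5", "").lower() == SAMPLE_MD5:
            hits.append(("high", "known RedLine sample executed"))
    elif eid == "3" and event.get("DestinationIp") == C2_IP:
        # Exact socket match is high confidence; the bare host is still worth a look.
        if event.get("DestinationPort") == str(C2_PORT):
            hits.append(("high", "connection to RedLine C2 socket"))
        else:
            hits.append(("medium", "connection to RedLine C2 host on an unexpected port"))
    elif eid == "13" and RUN_KEY_RE.search(event.get("TargetObject", "")):
        # A Run value pointing into a user-writable directory is the autostart
        # persistence the report flags; other Run writes are only noted.
        if USER_WRITABLE_RE.match(event.get("Details", "")):
            hits.append(("high", "Run key added pointing at user-writable executable"))
        else:
            hits.append(("low", "Run key modified"))
    return hits


def triage(lines):
    """Evaluate every line and return (event_index, severity, reason) findings."""
    findings = []
    for idx, line in enumerate(lines):
        for severity, reason in evaluate(parse_event(line)):
            findings.append((idx, severity, reason))
    return findings


if __name__ == "__main__":
    for idx, severity, reason in triage(CONSTRUCTED_EVENTS):
        print(f"[{severity}] event {idx}: {reason}")
```

The Uninstall-key lookup listed in the signatures is a registry read, which Sysmon does not log, so the constructed Uninstall event is a benign write by msiexec and correctly produces no finding; the auth_value strings are kept as reference indicators for matching against decoded traffic or memory, not against these events.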