General
-
Target
90bba239d7fa28f6e6326eca7fc693fc7dd42d2294a9caf6c5c870c0075d7a70
-
Size
544KB
-
Sample
230323-vk9s4sha59
-
MD5
fd209b3dd4d2c3253fccbc596b23a3cd
-
SHA1
2344657f2d6a08a9e32ada8e64fafcb703d42f89
-
SHA256
90bba239d7fa28f6e6326eca7fc693fc7dd42d2294a9caf6c5c870c0075d7a70
-
SHA512
e10926f981b005b91a70353dfe179f9d5dfba2251cabdda9e8c3c2f9ec08702d5b36dce7c2c297353f1dda6568fd29af711bb7747720d3d8cd521c0ec823c22b
-
SSDEEP
12288:tMrBy90i1fNwOsA+Hg+5jMh2Z3OEOnXlYLh1DRwK:0y1utzHgsjMCr+XuLGK
Static task
static1
Behavioral task
behavioral1
Sample
90bba239d7fa28f6e6326eca7fc693fc7dd42d2294a9caf6c5c870c0075d7a70.exe
Resource
win10-20230220-en
Malware Config
Extracted
redline
down
193.233.20.31:4125
-
auth_value
12c31a90c72f5efae8c053a0bd339381
Extracted
redline
lown
193.233.20.31:4125
-
auth_value
4cf836e062bcdc2a4fdbf410f5747ec7
Targets
-
-
Target
90bba239d7fa28f6e6326eca7fc693fc7dd42d2294a9caf6c5c870c0075d7a70
-
Size
544KB
-
MD5
fd209b3dd4d2c3253fccbc596b23a3cd
-
SHA1
2344657f2d6a08a9e32ada8e64fafcb703d42f89
-
SHA256
90bba239d7fa28f6e6326eca7fc693fc7dd42d2294a9caf6c5c870c0075d7a70
-
SHA512
e10926f981b005b91a70353dfe179f9d5dfba2251cabdda9e8c3c2f9ec08702d5b36dce7c2c297353f1dda6568fd29af711bb7747720d3d8cd521c0ec823c22b
-
SSDEEP
12288:tMrBy90i1fNwOsA+Hg+5jMh2Z3OEOnXlYLh1DRwK:0y1utzHgsjMCr+XuLGK
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-