General

Target: 78be9ae3374962f724deb870a46ee6e2a17fa413217b516f5f40a506398dc99a
Size: 544KB
Sample: 230323-vv729shb33
MD5: 5a65b7e0102cdded323cfe675d2eb99a
SHA1: 35959abbce35b2ddd0cfe3547b3b93964d28bc79
SHA256: 78be9ae3374962f724deb870a46ee6e2a17fa413217b516f5f40a506398dc99a
SHA512: a943455be6b3d39799a22c33bb3600b82e7c85b9d34d0b5569f2e406b83745ab809b99dc7d23f54ac2e6ed50f9e5d99d7505dd5917e9de09bb3bf453c2b6f69f
SSDEEP: 12288:6Mrgy90sRiyFdbjAQpDjp1cx2xpHlFRId3Osv:ey/U4dbsQpDjp1cx2xpHls3v

Static task: static1
Behavioral task: behavioral1
Sample: 78be9ae3374962f724deb870a46ee6e2a17fa413217b516f5f40a506398dc99a.exe
Resource: win10-20230220-en

Malware Config

Extracted
redline
down
193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381

Extracted
redline
lown
193.233.20.31:4125
auth_value: 4cf836e062bcdc2a4fdbf410f5747ec7

Targets

Target: 78be9ae3374962f724deb870a46ee6e2a17fa413217b516f5f40a506398dc99a
Size: 544KB
MD5: 5a65b7e0102cdded323cfe675d2eb99a
SHA1: 35959abbce35b2ddd0cfe3547b3b93964d28bc79
SHA256: 78be9ae3374962f724deb870a46ee6e2a17fa413217b516f5f40a506398dc99a
SHA512: a943455be6b3d39799a22c33bb3600b82e7c85b9d34d0b5569f2e406b83745ab809b99dc7d23f54ac2e6ed50f9e5d99d7505dd5917e9de09bb3bf453c2b6f69f
SSDEEP: 12288:6Mrgy90sRiyFdbjAQpDjp1cx2xpHlFRId3Osv:ey/U4dbsQpDjp1cx2xpHls3v

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.