General
-
Target
2edd1b1f631522302f962b37ceff1697efd649de811b574bf5b2b1df0f176a49
-
Size
679KB
-
Sample
230323-wr3h2shd28
-
MD5
84878e513d4dd68ab7ade21b353f793b
-
SHA1
aac4969f381f9a63db5afaea46cf5ff558cd58a6
-
SHA256
2edd1b1f631522302f962b37ceff1697efd649de811b574bf5b2b1df0f176a49
-
SHA512
527e6f016e06e37746983dab22091926d1d565c6645803adb9daa76079ae7c85b9d5dd0c821223cb5741c339289c4559ca56cf521a1cd4948b52eb228a0d26d9
-
SSDEEP
12288:PEH1eD5OI0KQZ77vfTpbq6x5QAOlgtEbKulT87:8SOPZ77HlfrQfitEbzG
Static task
static1
Behavioral task
behavioral1
Sample
2edd1b1f631522302f962b37ceff1697efd649de811b574bf5b2b1df0f176a49.exe
Resource
win10-20230220-en
Malware Config
Extracted
redline
down
193.233.20.31:4125
-
auth_value
12c31a90c72f5efae8c053a0bd339381
Extracted
redline
real
193.233.20.31:4125
-
auth_value
bb22a50228754849387d5f4d1611e71b
Targets
-
-
Target
2edd1b1f631522302f962b37ceff1697efd649de811b574bf5b2b1df0f176a49
-
Size
679KB
-
MD5
84878e513d4dd68ab7ade21b353f793b
-
SHA1
aac4969f381f9a63db5afaea46cf5ff558cd58a6
-
SHA256
2edd1b1f631522302f962b37ceff1697efd649de811b574bf5b2b1df0f176a49
-
SHA512
527e6f016e06e37746983dab22091926d1d565c6645803adb9daa76079ae7c85b9d5dd0c821223cb5741c339289c4559ca56cf521a1cd4948b52eb228a0d26d9
-
SSDEEP
12288:PEH1eD5OI0KQZ77vfTpbq6x5QAOlgtEbKulT87:8SOPZ77HlfrQfitEbzG
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-