General
Target: a65163caf1a09f85beeba35f87397077a526af0c6ab718f32b9226360ea87777
Size: 679KB
Sample: 230323-x3htfshf73
MD5: ded74aa52da9e181688ed8dfd2b52696
SHA1: 23bcf56b5bc76a826a313df6406b19aae55b3fec
SHA256: a65163caf1a09f85beeba35f87397077a526af0c6ab718f32b9226360ea87777
SHA512: 1ed29fc85247e362e4db8f1073b913679c8470415413738a19cb1c35c9612b4d20292800cf7b6c96482fe01837f780cea90c4a65836bd4781287b5a271ef96f8
SSDEEP: 12288:uHmxMy2FxQAVSh5ahZXhrlX4BAQitxjN7ThRsWTt:qbLFxQAk5wzhQitnsE
Static task: static1
Behavioral task: behavioral1
Sample: a65163caf1a09f85beeba35f87397077a526af0c6ab718f32b9226360ea87777.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
down
193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted: redline
real
193.233.20.31:4125
auth_value: bb22a50228754849387d5f4d1611e71b
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.