General
Target: 37fd8dd8d3ac6c3651108f36ddb871aac30f84ab3ceed0ee5463fdeb6cd22f49
Size: 679KB
Sample: 230323-x61hnsbf51
MD5: 9450340fed15f54e1392fdc2b66c58ed
SHA1: 9e562b9b550fd383ebc0ba382d99b977c2fd731b
SHA256: 37fd8dd8d3ac6c3651108f36ddb871aac30f84ab3ceed0ee5463fdeb6cd22f49
SHA512: 6265f43e15b035cbb7af8ea6ebe2c06a3113dafa6516c868525cafff903f5e1d23f57827ca0bfe4eb9087fb329e98988d10e79bee4c164924af9c29cd9c6edd5
SSDEEP: 12288:vHmxMy2FxQAVSh5ahZXhrlX4BAQitxjN7ThRsWTt:/bLFxQAk5wzhQitnsE
Static task: static1
Behavioral task: behavioral1
Sample: 37fd8dd8d3ac6c3651108f36ddb871aac30f84ab3ceed0ee5463fdeb6cd22f49.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
down
193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted: redline
real
193.233.20.31:4125
auth_value: bb22a50228754849387d5f4d1611e71b
Targets
Target: 37fd8dd8d3ac6c3651108f36ddb871aac30f84ab3ceed0ee5463fdeb6cd22f49
Size: 679KB
MD5: 9450340fed15f54e1392fdc2b66c58ed
SHA1: 9e562b9b550fd383ebc0ba382d99b977c2fd731b
SHA256: 37fd8dd8d3ac6c3651108f36ddb871aac30f84ab3ceed0ee5463fdeb6cd22f49
SHA512: 6265f43e15b035cbb7af8ea6ebe2c06a3113dafa6516c868525cafff903f5e1d23f57827ca0bfe4eb9087fb329e98988d10e79bee4c164924af9c29cd9c6edd5
SSDEEP: 12288:vHmxMy2FxQAVSh5ahZXhrlX4BAQitxjN7ThRsWTt:/bLFxQAk5wzhQitnsE
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.