General

Target: abdf5de0731dcfe6db702e220cf62ebd8e3a864712b1a84437cdb274c475fb0f
Size: 679KB
Sample: 230323-xvef3abe7s
MD5: bf338f2749d41a1d1c7a1437c78af3d1
SHA1: 589a0387a53bb0f2914e290eba59c93fc817752b
SHA256: abdf5de0731dcfe6db702e220cf62ebd8e3a864712b1a84437cdb274c475fb0f
SHA512: 17c2848f5737f2b3bf63ba53b4c23a9f1da87f9f9c8402d42998a34651ff7a2cbef17889444153e9c88d3416b93e6e528de8114a748f547734fdf6a19bc06f10
SSDEEP: 12288:WHmxMy2FxQAVSh5ahZXhrlX4BAQitxjN7ThRsWTt:ibLFxQAk5wzhQitnsE
Static task: static1
Behavioral task: behavioral1
Sample: abdf5de0731dcfe6db702e220cf62ebd8e3a864712b1a84437cdb274c475fb0f.exe
Resource: win10v2004-20230220-en
Malware Config

Extracted: redline
  down
  193.233.20.31:4125
  auth_value: 12c31a90c72f5efae8c053a0bd339381

Extracted: redline
  real
  193.233.20.31:4125
  auth_value: bb22a50228754849387d5f4d1611e71b
Targets

Target: abdf5de0731dcfe6db702e220cf62ebd8e3a864712b1a84437cdb274c475fb0f
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.