General
-
Target
2c03009eabb35687d2c003449d3751cc860c1dadff7961ceb873633886b615e3
-
Size
543KB
-
Sample
230323-xz5ttahf59
-
MD5
8cc9f4639052a31280de101136f66e44
-
SHA1
403d1fb341a2d9842fdc0fe75b45de15fc586a78
-
SHA256
2c03009eabb35687d2c003449d3751cc860c1dadff7961ceb873633886b615e3
-
SHA512
5e91714d8240f960fc11fe4789787cd75d72053b2789c5c08ad750e94e30462a280ffda2ea8c56e1de2ab1ab81641568157f2c50906dcc3ecc9b162ea2cd833f
-
SSDEEP
12288:+Mroy90A/yaDXyuiujTl/6tv9+uw+qzp/wru+NLYpId18:CyCoTjTlCtnwH/wru+lt8
Static task
static1
Behavioral task
behavioral1
Sample
2c03009eabb35687d2c003449d3751cc860c1dadff7961ceb873633886b615e3.exe
Resource
win10-20230220-en
Malware Config
Extracted
redline
down
193.233.20.31:4125
-
auth_value
12c31a90c72f5efae8c053a0bd339381
Extracted
redline
lown
193.233.20.31:4125
-
auth_value
4cf836e062bcdc2a4fdbf410f5747ec7
Targets
-
-
Target
2c03009eabb35687d2c003449d3751cc860c1dadff7961ceb873633886b615e3
-
Size
543KB
-
MD5
8cc9f4639052a31280de101136f66e44
-
SHA1
403d1fb341a2d9842fdc0fe75b45de15fc586a78
-
SHA256
2c03009eabb35687d2c003449d3751cc860c1dadff7961ceb873633886b615e3
-
SHA512
5e91714d8240f960fc11fe4789787cd75d72053b2789c5c08ad750e94e30462a280ffda2ea8c56e1de2ab1ab81641568157f2c50906dcc3ecc9b162ea2cd833f
-
SSDEEP
12288:+Mroy90A/yaDXyuiujTl/6tv9+uw+qzp/wru+NLYpId18:CyCoTjTlCtnwH/wru+lt8
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-