General
Target: abab8ce7caa9ada24453722b49d3d7ac64fb5cc38a142f02d6e020dcc92c36ad
Size: 544KB
Sample: 230323-y3jlesbh5y
MD5: 296b0c118e4b6c9a878004d97d91792c
SHA1: 480cac4e92d64152309cdaf00fa40ee6db8dde33
SHA256: abab8ce7caa9ada24453722b49d3d7ac64fb5cc38a142f02d6e020dcc92c36ad
SHA512: 6c289fbdf1d1b05b7da821cb4ecdb419c87b38287c4b25451daf0d8c3af5701113248b3b5c253979e73c5b61c2741c14e489342bb0a8070ba1fa8106c169d5a6
SSDEEP: 12288:GMrJy90Xjmd+oXUEscYTpCqgUpMLqwIfd8XdOs:DyCjmdhYT0IMuZ8X3
Static task: static1
Behavioral task: behavioral1
Sample: abab8ce7caa9ada24453722b49d3d7ac64fb5cc38a142f02d6e020dcc92c36ad.exe
Resource: win10-20230220-en
Malware Config
Extracted: redline
  down
  193.233.20.31:4125
  auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted: redline
  real
  193.233.20.31:4125
  auth_value: bb22a50228754849387d5f4d1611e71b
Targets
Target: abab8ce7caa9ada24453722b49d3d7ac64fb5cc38a142f02d6e020dcc92c36ad
Size: 544KB
MD5: 296b0c118e4b6c9a878004d97d91792c
SHA1: 480cac4e92d64152309cdaf00fa40ee6db8dde33
SHA256: abab8ce7caa9ada24453722b49d3d7ac64fb5cc38a142f02d6e020dcc92c36ad
SHA512: 6c289fbdf1d1b05b7da821cb4ecdb419c87b38287c4b25451daf0d8c3af5701113248b3b5c253979e73c5b61c2741c14e489342bb0a8070ba1fa8106c169d5a6
SSDEEP: 12288:GMrJy90Xjmd+oXUEscYTpCqgUpMLqwIfd8XdOs:DyCjmdhYT0IMuZ8X3
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.