General
- Target: 91e6a3204da99e8d3ab9dc7ff0ba50187c6999619882fd509fb7229dffe07ae5
- Size: 544KB
- Sample: 230323-y565habh7t
- MD5: ebfe86d1eaf90abbb3a66e36066eb4e5
- SHA1: 64c2660dfae93bb4ca670f9ea9bf180ac9996e7a
- SHA256: 91e6a3204da99e8d3ab9dc7ff0ba50187c6999619882fd509fb7229dffe07ae5
- SHA512: 769d57f051396d46950bbbb2a33ed8cb27fa6b37fe9885e9e8311b5477ab2bea35907553684807cb37b2faebd76a3d159eeea45395a5cc316924e91ef39f865d
- SSDEEP: 12288:xMrfy90fAc0WEsjOwiC3qybft0OJJBqgU7MLHw0L5RsS12:iyGeZsjiS5fOMjpTv12
Static task: static1
Behavioral task: behavioral1
- Sample: 91e6a3204da99e8d3ab9dc7ff0ba50187c6999619882fd509fb7229dffe07ae5.exe
- Resource: win10v2004-20230221-en
Malware Config
Extracted
- Family: redline
- Botnet: down
- C2: 193.233.20.31:4125
- auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted
- Family: redline
- Botnet: real
- C2: 193.233.20.31:4125
- auth_value: bb22a50228754849387d5f4d1611e71b
Targets
- Target: 91e6a3204da99e8d3ab9dc7ff0ba50187c6999619882fd509fb7229dffe07ae5 (544KB; hashes as listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.