General
Target: 10564d888cab5521603b7082b0fa24690ebde6c47a50dbec7c2b83e27a7b71d6
Size: 544KB
Sample: 230323-y9qnbaaa28
MD5: 5c2194f32c9a5120430d1f7d0df957e3
SHA1: 40aaeb84b27086c91f04139636adb9c5095905bc
SHA256: 10564d888cab5521603b7082b0fa24690ebde6c47a50dbec7c2b83e27a7b71d6
SHA512: 7d824babab3837419406339fa74db8a31e480261151667f778b3a8c5e23b7d56b55255c7bbb33ba2475256ee76c243d6d8d8f9546fcf87b71063a396a70026f6
SSDEEP: 12288:LMrYy90g+qKT5IFZKnUKacGqQqgULMLBwhjzJ+xPlozu7t9:zyL+ql5rKcqMFY0xPSQ9
Static task: static1
Behavioral task: behavioral1
Sample: 10564d888cab5521603b7082b0fa24690ebde6c47a50dbec7c2b83e27a7b71d6.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline (down)
193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted: redline (real)
193.233.20.31:4125
auth_value: bb22a50228754849387d5f4d1611e71b
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.