General
Target: 61eb23740b53f193d9239c044dd90976be692ab14797c570487abf97f642079d
Size: 544KB
Sample: 230323-ynad7shg79
MD5: eea159f285bb0ef2ce8115e3b5328c0b
SHA1: cdd45a160ad0cae7807c4297071ee27170d90f73
SHA256: 61eb23740b53f193d9239c044dd90976be692ab14797c570487abf97f642079d
SHA512: 3a1f03308fb5cbebba9cd435953b01cc4ef362dc0157585ddb0ae3333ca5effa4baf0775bf6238d21111b39c15292d9e73ffd4b8b1da770e2c5a26620681ab07
SSDEEP: 12288:5Mrwy90kcCDlXBZ8z3OSBlASzp/E+7rYc9:hyEW7SBl9/E+7rYc9
Static task: static1
Behavioral task: behavioral1
Sample: 61eb23740b53f193d9239c044dd90976be692ab14797c570487abf97f642079d.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
down
193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381

Extracted: redline
lown
193.233.20.31:4125
auth_value: 4cf836e062bcdc2a4fdbf410f5747ec7
Targets
Target: 61eb23740b53f193d9239c044dd90976be692ab14797c570487abf97f642079d
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.