General
Target: 3932eca8cbaf24f5ce001a38a8b01d75497f1ab81cbcae083a9ccec34c7d20d6
Size: 544KB
Sample: 230323-yp65kabg7t
MD5: 5e4c5c6d7d34081233446e98b1d3ec83
SHA1: 25384f4e0fddae62ed4b9cdf974b432d8b511a90
SHA256: 3932eca8cbaf24f5ce001a38a8b01d75497f1ab81cbcae083a9ccec34c7d20d6
SHA512: 39fdf5217a7a5e22f31a8ff610f21c9c501310f43da23e32c8d76fb1fd816bcfcdd73de8567b7841d9a0acc1929bf0ee1fc9ae7446ccd1ba98ebdd0a0350be6d
SSDEEP: 12288:BMruy90SWLCN2xuqBbIQIQ+0vhzp/RtJ3KM5RQTzL5IqD:nyAKjIz/RtTQ9IM
Static task: static1
Behavioral task: behavioral1
Sample: 3932eca8cbaf24f5ce001a38a8b01d75497f1ab81cbcae083a9ccec34c7d20d6.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted: redline
- down
- 193.233.20.31:4125
- auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted: redline
- real
- 193.233.20.31:4125
- auth_value: bb22a50228754849387d5f4d1611e71b
Targets
Target: 3932eca8cbaf24f5ce001a38a8b01d75497f1ab81cbcae083a9ccec34c7d20d6
Size: 544KB
MD5: 5e4c5c6d7d34081233446e98b1d3ec83
SHA1: 25384f4e0fddae62ed4b9cdf974b432d8b511a90
SHA256: 3932eca8cbaf24f5ce001a38a8b01d75497f1ab81cbcae083a9ccec34c7d20d6
SHA512: 39fdf5217a7a5e22f31a8ff610f21c9c501310f43da23e32c8d76fb1fd816bcfcdd73de8567b7841d9a0acc1929bf0ee1fc9ae7446ccd1ba98ebdd0a0350be6d
SSDEEP: 12288:BMruy90SWLCN2xuqBbIQIQ+0vhzp/RtJ3KM5RQTzL5IqD:nyAKjIz/RtTQ9IM
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.