General
-
Target
217299c34c6f558bbd25b45e96c23d5ecbaed9134ad21486ac47f13bbe207a40
-
Size
544KB
-
Sample
230323-yq5ccsbg7y
-
MD5
2b972b220c7e89584ad3fd00e64bbe94
-
SHA1
66e2c41683533f823e26d84d4c5a9bb7301db2aa
-
SHA256
217299c34c6f558bbd25b45e96c23d5ecbaed9134ad21486ac47f13bbe207a40
-
SHA512
c724eba89eed924632f0aff191d38449f91e132e2a3b025c92b75f5b56629983d8adae78302ca6b9612f7ec3d681946e4198d6030a38bc5c4f20e61d12bd2414
-
SSDEEP
12288:fMrqy90AqtlocQDI8bs5JU9tXP8zp/iIHNoIqZAJ:hyBqJpSs/AtX8/VNoIcQ
Static task
static1
Behavioral task
behavioral1
Sample
217299c34c6f558bbd25b45e96c23d5ecbaed9134ad21486ac47f13bbe207a40.exe
Resource
win10-20230220-en
Malware Config
Extracted
redline
down
193.233.20.31:4125
-
auth_value
12c31a90c72f5efae8c053a0bd339381
Extracted
redline
real
193.233.20.31:4125
-
auth_value
bb22a50228754849387d5f4d1611e71b
Targets
-
-
Target
217299c34c6f558bbd25b45e96c23d5ecbaed9134ad21486ac47f13bbe207a40
-
Size
544KB
-
MD5
2b972b220c7e89584ad3fd00e64bbe94
-
SHA1
66e2c41683533f823e26d84d4c5a9bb7301db2aa
-
SHA256
217299c34c6f558bbd25b45e96c23d5ecbaed9134ad21486ac47f13bbe207a40
-
SHA512
c724eba89eed924632f0aff191d38449f91e132e2a3b025c92b75f5b56629983d8adae78302ca6b9612f7ec3d681946e4198d6030a38bc5c4f20e61d12bd2414
-
SSDEEP
12288:fMrqy90AqtlocQDI8bs5JU9tXP8zp/iIHNoIqZAJ:hyBqJpSs/AtX8/VNoIcQ
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-