General
- Target: 123e7013799b9d23c900e3a88686a917f03b39677d4e6dfe9b87c12d3b994d58
- Size: 545KB
- Sample: 230323-yw88hahh42
- MD5: 9d798d9ceee6548239715c2f21547c58
- SHA1: 8c4fc9e257afca370ea93a9c8823a784a1bde8e6
- SHA256: 123e7013799b9d23c900e3a88686a917f03b39677d4e6dfe9b87c12d3b994d58
- SHA512: c45d27eb0fb0372a3c1f70b70b99c4b35695587434fb59071c4053e859e9a96affb6ee8e8f8865fb067b3a773c40d56b6a492e9f57c7e66ef909cf05bb3ec604
- SSDEEP: 12288:VMrly90GwstxXy0q8O2I05uTqbZg7/DsrQOxTItNJ:YylwszXS2Iaq/nYI3J
Static task: static1
Behavioral task: behavioral1
- Sample: 123e7013799b9d23c900e3a88686a917f03b39677d4e6dfe9b87c12d3b994d58.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
- Botnet ID: down
- C2: 193.233.20.31:4125
- auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted: redline
- Botnet ID: real
- C2: 193.233.20.31:4125
- auth_value: bb22a50228754849387d5f4d1611e71b
Targets
- Target: 123e7013799b9d23c900e3a88686a917f03b39677d4e6dfe9b87c12d3b994d58
- Size: 545KB
- Hashes: same MD5/SHA1/SHA256/SHA512/SSDEEP as listed under General
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
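The extracted config and the behaviour signatures above are the parts of this report that turn into detection content. The following is an added example, not part of the sandbox report and not RedLine's or the sandbox's own code: a small hunt that runs over host telemetry, matches the C2 endpoint from the config and the registry, file and process behaviours from the signatures, and only surfaces a process once it shows several of them together. The JSON-lines log schema and the sample events are constructed for the example (they are not real Sysmon or EDR output), and the wallet directory names are assumed examples of stealer targets rather than anything the report names.

```python
import json
import re
from collections import defaultdict

# Network IOC from the report's extracted RedLine config. Both the "down" and
# "real" entries point at the same endpoint; the auth_value is a per-build
# token that only travels inside the C2 session, so it is not matched on hosts.
REDLINE_C2 = {("193.233.20.31", 4125)}

# Patterns for the behaviours the report lists. The registry paths are the
# standard Windows locations; the wallet names are assumed examples only.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
UNINSTALL_KEY_RE = re.compile(
    r"\\Software\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)",
    re.IGNORECASE)
WALLET_PATH_RE = re.compile(
    r"\\(Exodus|Electrum|Atomic|Ethereum\\keystore)\\|\\wallet\.dat$", re.IGNORECASE)
USER_WRITABLE_RE = re.compile(
    r"\\(AppData|Temp|Downloads|ProgramData)\\", re.IGNORECASE)

# Constructed telemetry in a hypothetical JSON-lines schema (not real Sysmon
# or EDR output). pid 2000 is the EXE dropped by the sample; the last two
# lines are benign noise that a single-behaviour rule would page on.
SAMPLE_LOG = r"""
{"event":"proc_create","pid":2000,"image":"C:\\Users\\u\\AppData\\Local\\Temp\\dropped.exe","parent_pid":1234,"parent_image":"C:\\Users\\u\\Downloads\\sample.exe"}
{"event":"netconn","pid":2000,"image":"C:\\Users\\u\\AppData\\Local\\Temp\\dropped.exe","dst_ip":"193.233.20.31","dst_port":4125}
{"event":"reg_set","pid":2000,"image":"C:\\Users\\u\\AppData\\Local\\Temp\\dropped.exe","key":"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\dropped","value":"C:\\Users\\u\\AppData\\Local\\Temp\\dropped.exe"}
{"event":"reg_query","pid":2000,"image":"C:\\Users\\u\\AppData\\Local\\Temp\\dropped.exe","key":"HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"}
{"event":"file_read","pid":2000,"image":"C:\\Users\\u\\AppData\\Local\\Temp\\dropped.exe","path":"C:\\Users\\u\\AppData\\Roaming\\Exodus\\exodus.wallet\\seed.seco"}
{"event":"netconn","pid":800,"image":"C:\\Windows\\System32\\svchost.exe","dst_ip":"13.107.4.50","dst_port":443}
{"event":"reg_set","pid":900,"image":"C:\\Program Files\\Vendor\\setup.exe","key":"HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\VendorTray","value":"C:\\Program Files\\Vendor\\tray.exe"}
""".strip().splitlines()


def classify(event: dict) -> set:
    """Return the report behaviour labels a single event matches (possibly none)."""
    hits = set()
    kind = event.get("event")
    if kind == "netconn" and (event.get("dst_ip"), event.get("dst_port")) in REDLINE_C2:
        hits.add("redline_c2")
    elif kind == "reg_set" and RUN_KEY_RE.search(event.get("key", "")):
        hits.add("run_key_persistence")
    elif kind == "reg_query" and UNINSTALL_KEY_RE.search(event.get("key", "")):
        hits.add("installed_software_enum")
    elif kind == "file_read" and WALLET_PATH_RE.search(event.get("path", "")):
        hits.add("wallet_access")
    elif kind == "proc_create" and USER_WRITABLE_RE.search(event.get("image", "")):
        hits.add("dropped_exe_exec")
    return hits


def hunt(log_lines, min_behaviours=2):
    """Aggregate labels per (pid, image) and keep only processes that show at
    least min_behaviours distinct ones, so a lone Run-key write from an
    installer does not fire on its own."""
    per_proc = defaultdict(set)
    for line in log_lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        # A process-creation event is credited to the parent that launched the
        # file, since the parent is the one doing the dropping.
        if ev["event"] == "proc_create":
            owner = (ev["parent_pid"], ev["parent_image"])
        else:
            owner = (ev["pid"], ev["image"])
        per_proc[owner] |= classify(ev)
    return {k: v for k, v in per_proc.items() if len(v) >= min_behaviours}


if __name__ == "__main__":
    for (pid, image), labels in hunt(SAMPLE_LOG).items():
        print(f"pid {pid} {image}: {', '.join(sorted(labels))}")
```

On the constructed log this flags only the dropped child (C2 connection, Run key, Uninstall enumeration, wallet read); the parent that merely launched it and the benign installer each show one behaviour and stay below the threshold. Swap the C2 set and the field names for your own telemetry schema; the threshold is the knob that trades missed single-stage samples against installer noise.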