General
Target: 9741e4893f9e34693bf28e6066f9f2ffa7f49cb97e4e49395eb2a57e4a1dd8ab
Size: 544KB
Sample: 230323-yzxc4sbh4v
MD5: 7d781864a4af736e7bf2d30546a3ce4b
SHA1: f1786393013a0988b7514f29184f7fb2a00b559a
SHA256: 9741e4893f9e34693bf28e6066f9f2ffa7f49cb97e4e49395eb2a57e4a1dd8ab
SHA512: 9e24c7f76a96ffb8dc0acdaf0b19beb9c452fe1b88cfd79f14818742e78bb087349e873f07f6346d8eb66c82908ab54fab44c1cd79bba8ec73cd0ae0e73bcce3
SSDEEP: 12288:+Mrqy90YXcUXJ9YLTklEbjqgUIMLXweOWqPW:IyfH9YLQYpMjCRPW

Static task: static1
Behavioral task: behavioral1
Sample: 9741e4893f9e34693bf28e6066f9f2ffa7f49cb97e4e49395eb2a57e4a1dd8ab.exe
Resource: win10-20230220-en
Malware Config
Extracted: redline
down
193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381

Extracted: redline
real
193.233.20.31:4125
auth_value: bb22a50228754849387d5f4d1611e71b
Targets
Target: 9741e4893f9e34693bf28e6066f9f2ffa7f49cb97e4e49395eb2a57e4a1dd8ab
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.