General
-
Target
3fc205efc0dfe49e7b5b9a379f9af72b1233dada4f2e87ad688230bbe6a2e2a2
-
Size
544KB
-
Sample
230323-z4zjpsab93
-
MD5
9463fda1ceca45af600ad210d5f27e9a
-
SHA1
c9202caea4b2e7d3cd85868b6bf7ff5616acab6c
-
SHA256
3fc205efc0dfe49e7b5b9a379f9af72b1233dada4f2e87ad688230bbe6a2e2a2
-
SHA512
0a2906b11096c574751a6e907abaf92bd221b46cb26e9681df4e89a483bf151eab37988990e1d6e00e2b05c82a5287a8df909a042204d3f37860b41082735db0
-
SSDEEP
12288:0Mrqy90Bd8yM7OyRkEWrVcJf4pfuHfqgUhML2wv8lLceYY:uyi7NEkcJT1MM6c8lAe9
Static task
static1
Behavioral task
behavioral1
Sample
3fc205efc0dfe49e7b5b9a379f9af72b1233dada4f2e87ad688230bbe6a2e2a2.exe
Resource
win10v2004-20230221-en
Malware Config
Extracted
redline
down
193.233.20.31:4125
-
auth_value
12c31a90c72f5efae8c053a0bd339381
Extracted
redline
real
193.233.20.31:4125
-
auth_value
bb22a50228754849387d5f4d1611e71b
Targets
-
-
Target
3fc205efc0dfe49e7b5b9a379f9af72b1233dada4f2e87ad688230bbe6a2e2a2
-
Size
544KB
-
MD5
9463fda1ceca45af600ad210d5f27e9a
-
SHA1
c9202caea4b2e7d3cd85868b6bf7ff5616acab6c
-
SHA256
3fc205efc0dfe49e7b5b9a379f9af72b1233dada4f2e87ad688230bbe6a2e2a2
-
SHA512
0a2906b11096c574751a6e907abaf92bd221b46cb26e9681df4e89a483bf151eab37988990e1d6e00e2b05c82a5287a8df909a042204d3f37860b41082735db0
-
SSDEEP
12288:0Mrqy90Bd8yM7OyRkEWrVcJf4pfuHfqgUhML2wv8lLceYY:uyi7NEkcJT1MM6c8lAe9
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-