General
- Target: c8c85fe91f6d97e2625da30345242a224f9216e1a2163e7e9cb56eb1f9de55d0
- Size: 544KB
- Sample: 230323-z6p32scb9y
- MD5: f00e680678e46dea5b6525a049af39d9
- SHA1: 8750588811553aa0c9085c3e583c9505c1f43e62
- SHA256: c8c85fe91f6d97e2625da30345242a224f9216e1a2163e7e9cb56eb1f9de55d0
- SHA512: c0f2a0508a9938f457ed71b1334c8f5e748a6301c7576396f8b0e79598df039ed0b657e6a842dee3f55fd6b123960ff870169e57380e90714d76566b8c69f7a4
- SSDEEP: 12288:AMriy90yUIzaPpXC/7F7MEWMQscV/ZNqgU9MLpwgsUPpsg+2uDd:yytUz07FAuoRjAMt2Uxs4cd
Static task: static1
Behavioral task: behavioral1
- Sample: c8c85fe91f6d97e2625da30345242a224f9216e1a2163e7e9cb56eb1f9de55d0.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
- down
- 193.233.20.31:4125
- auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted: redline
- lown
- 193.233.20.31:4125
- auth_value: 4cf836e062bcdc2a4fdbf410f5747ec7
Targets
- Target: c8c85fe91f6d97e2625da30345242a224f9216e1a2163e7e9cb56eb1f9de55d0
- Size: 544KB
- MD5: f00e680678e46dea5b6525a049af39d9
- SHA1: 8750588811553aa0c9085c3e583c9505c1f43e62
- SHA256: c8c85fe91f6d97e2625da30345242a224f9216e1a2163e7e9cb56eb1f9de55d0
- SHA512: c0f2a0508a9938f457ed71b1334c8f5e748a6301c7576396f8b0e79598df039ed0b657e6a842dee3f55fd6b123960ff870169e57380e90714d76566b8c69f7a4
- SSDEEP: 12288:AMriy90yUIzaPpXC/7F7MEWMQscV/ZNqgU9MLpwgsUPpsg+2uDd:yytUz07FAuoRjAMt2Uxs4cd
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.