General
- Target: f0d6aec76010c49bf33f299bb77155954fd8df37564a483e3a6a9b3241ae1edd
- Size: 544KB
- Sample: 230323-z7wl8aac26
- MD5: f9fe275acc460b02a20019f8bb915563
- SHA1: 13fcb7927efd324cab503df13880ce2eba05d8fb
- SHA256: f0d6aec76010c49bf33f299bb77155954fd8df37564a483e3a6a9b3241ae1edd
- SHA512: deee894a58b1ada51f29dc78d48efe833c60a2a7d654d61189d1e7e86d20534c2923ec8a1237b0a5746fed467b2994ffedb1396ad6b977db20425fbb170c3ccd
- SSDEEP: 12288:VMrCy90mnK0RR1lZc2x9rRqgU9MLawIfUq4vyBxf9tGk:jyvDNZ19rv4MeavyBd
Static task: static1
Behavioral task: behavioral1
- Sample: f0d6aec76010c49bf33f299bb77155954fd8df37564a483e3a6a9b3241ae1edd.exe
- Resource: win10-20230220-en
Malware Config
Extracted: redline
- down
- 193.233.20.31:4125
- auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted: redline
- lown
- 193.233.20.31:4125
- auth_value: 4cf836e062bcdc2a4fdbf410f5747ec7
Targets
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.