General
-
Target
473bb87d577b8593de3c27bd09374b36e1cf967c11a0342444ac01eaf15df2e9
-
Size
544KB
-
Sample
230323-ze4r5aaa66
-
MD5
746ba09d309bd75124eed16c7b8d0e8f
-
SHA1
cf2cf3a51f94dc14e6a80f15ff557dcc95a36c56
-
SHA256
473bb87d577b8593de3c27bd09374b36e1cf967c11a0342444ac01eaf15df2e9
-
SHA512
d5d2fa5865afa142ccc7adb5a10ac7c64a93100a723f9a68b7fc73079dc64ce0ca1bb6ff3348586b4210a138a2471b5bd51a16895eb129c4552abdec1b0b42b0
-
SSDEEP
12288:9Mrwy90OzWHoNtqGn8fN0OJNkqgUXMLkwWD8UZJTB9TjiaZ:5yuINMGeEGMwjV7iE
Static task
static1
Behavioral task
behavioral1
Sample
473bb87d577b8593de3c27bd09374b36e1cf967c11a0342444ac01eaf15df2e9.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
down
193.233.20.31:4125
-
auth_value
12c31a90c72f5efae8c053a0bd339381
Extracted
redline
real
193.233.20.31:4125
-
auth_value
bb22a50228754849387d5f4d1611e71b
Targets
-
-
Target
473bb87d577b8593de3c27bd09374b36e1cf967c11a0342444ac01eaf15df2e9
-
Size
544KB
-
MD5
746ba09d309bd75124eed16c7b8d0e8f
-
SHA1
cf2cf3a51f94dc14e6a80f15ff557dcc95a36c56
-
SHA256
473bb87d577b8593de3c27bd09374b36e1cf967c11a0342444ac01eaf15df2e9
-
SHA512
d5d2fa5865afa142ccc7adb5a10ac7c64a93100a723f9a68b7fc73079dc64ce0ca1bb6ff3348586b4210a138a2471b5bd51a16895eb129c4552abdec1b0b42b0
-
SSDEEP
12288:9Mrwy90OzWHoNtqGn8fN0OJNkqgUXMLkwWD8UZJTB9TjiaZ:5yuINMGeEGMwjV7iE
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-