General

Target: c779f27195fd39237d3dd731d5e2c4688ed2f78f395793cbe0570f815afb8d23
Size: 544KB
Sample: 230323-zhst2aaa78
MD5: ad8fd2e65130ab34b2ff95c47e3f0748
SHA1: 78095e633509b50f63f2b98951ccba92a38ee8d7
SHA256: c779f27195fd39237d3dd731d5e2c4688ed2f78f395793cbe0570f815afb8d23
SHA512: 2324824824f0246560e2b13a80cac0b4a5d791bf79f5a439fbac2f221346e4cf8329cd0bc4b25bb648f1382f01df4c795390db5e55838fd06c4a44050d3c6b9e
SSDEEP: 12288:7MrWy90RGrH4o3JNpYhjBUndXfp0OjVPqgUIMLowv8/+NH4ZO5Y508:dykGrH4o3JNpueRTpMEg5NYgO508
Static task: static1

Behavioral task: behavioral1
Sample: c779f27195fd39237d3dd731d5e2c4688ed2f78f395793cbe0570f815afb8d23.exe
Resource: win10v2004-20230221-en
Malware Config

Extracted
Family: redline
Botnet: down
C2: 193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381

Extracted
Family: redline
Botnet: real
C2: 193.233.20.31:4125
auth_value: bb22a50228754849387d5f4d1611e71b
Targets

Target: c779f27195fd39237d3dd731d5e2c4688ed2f78f395793cbe0570f815afb8d23
Size: 544KB
(MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to the General section above.)
Signatures:
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.