General
Target: 26ef8f6113e1fc1b5382c94560d2e1ddca69c878c24da8f57e7da552bec62423
Size: 544KB
Sample: 230323-zs6tmscb2x
MD5: 5174c8e36c0eb9017929c0b06bf168c6
SHA1: 029e3c55ea488801cb827a54d2475c9c776df7fc
SHA256: 26ef8f6113e1fc1b5382c94560d2e1ddca69c878c24da8f57e7da552bec62423
SHA512: 37790b1068d28ab63dd4c9af0aa1d2420ab0c44466551dee3ebc078f6cead4ec284f3e40f5d25f007641371a618f7be988e8468a9f150bc58cd3eca02d401623
SSDEEP: 12288:CMrAy90mKFcs4PB7cokeXwqgUmMLowToFT/gpf3:uybe4B7XMHM8rmf3
Static task: static1
Behavioral task: behavioral1
Sample: 26ef8f6113e1fc1b5382c94560d2e1ddca69c878c24da8f57e7da552bec62423.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: down
C2: 193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted
Family: redline
Botnet: lown
C2: 193.233.20.31:4125
auth_value: 4cf836e062bcdc2a4fdbf410f5747ec7
Targets
Target: 26ef8f6113e1fc1b5382c94560d2e1ddca69c878c24da8f57e7da552bec62423
Size: 544KB
MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the values listed under General above.
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application (persistence via a value under a CurrentVersion\Run registry key)
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
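The last two signatures and the extracted C2 translate directly into host-side checks. The following is an added example, not code from the sandbox or from this report: it applies the Run-key write, Uninstall-key enumeration and C2-connection checks to a handful of constructed Sysmon-style events. The event shape (`kind`, `image`, `target`), the process paths, the registry value names and the enumeration threshold of three distinct Uninstall subkeys are all assumptions made for the example; only the C2 endpoint comes from the report.

```python
"""Turn the behaviours and C2 from this RedLine report into checks over
simplified registry/network events (constructed for the example)."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Indicator taken from the extracted RedLine configs in this report.
C2_ENDPOINTS = {("193.233.20.31", 4125)}

# Registry paths behind "Adds Run key to start application" and
# "Checks installed software on the system" (Uninstall key enumeration).
RUN_KEY_RE = re.compile(
    r"^HK(?:LM|CU)\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows"
    r"\\CurrentVersion\\Run(?:Once)?\\[^\\]+$",
    re.IGNORECASE,
)
UNINSTALL_KEY_RE = re.compile(
    r"^HK(?:LM|CU)\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows"
    r"\\CurrentVersion\\Uninstall\\([^\\]+)",
    re.IGNORECASE,
)

# A process reading this many distinct Uninstall subkeys is enumerating installed
# software rather than looking up a single product (threshold is an assumption).
UNINSTALL_ENUM_THRESHOLD = 3


@dataclass(frozen=True)
class Event:
    kind: str    # "reg_set", "reg_query" or "net_connect"
    image: str   # path of the process that generated the event
    target: str  # registry path for reg_* events, "ip:port" for net_connect


def is_run_key_write(ev: Event) -> bool:
    """True when a value is written directly under a CurrentVersion\\Run(Once) key."""
    return ev.kind == "reg_set" and RUN_KEY_RE.match(ev.target) is not None


def uninstall_subkey(ev: Event):
    """Return the Uninstall subkey name a reg_query touches, or None."""
    if ev.kind != "reg_query":
        return None
    m = UNINSTALL_KEY_RE.match(ev.target)
    return m.group(1) if m else None


def is_c2_connection(ev: Event) -> bool:
    """True when an outbound connection matches an extracted C2 endpoint."""
    if ev.kind != "net_connect":
        return False
    host, _, port = ev.target.rpartition(":")
    return port.isdigit() and (host, int(port)) in C2_ENDPOINTS


def analyse(events):
    """Map each signature name to the sorted list of images that triggered it."""
    hits = defaultdict(set)
    uninstall_reads = defaultdict(set)  # image -> distinct Uninstall subkeys read
    for ev in events:
        if is_run_key_write(ev):
            hits["Adds Run key to start application"].add(ev.image)
        sub = uninstall_subkey(ev)
        if sub is not None:
            uninstall_reads[ev.image].add(sub.lower())
        if is_c2_connection(ev):
            hits["Connects to extracted RedLine C2"].add(ev.image)
    for image, subkeys in uninstall_reads.items():
        if len(subkeys) >= UNINSTALL_ENUM_THRESHOLD:
            hits["Checks installed software on the system"].add(image)
    return {name: sorted(images) for name, images in hits.items()}


# Constructed events, not taken from the sandbox run; paths and value names are invented.
SAMPLE = r"C:\Users\user\AppData\Local\Temp\sample.exe"
SAMPLE_EVENTS = [
    Event("reg_set", SAMPLE, r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater"),
    Event("reg_query", SAMPLE, r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"),
    Event("reg_query", SAMPLE, r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"),
    Event("reg_query", SAMPLE, r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{GUID}"),
    Event("net_connect", SAMPLE, "193.233.20.31:4125"),
    # Benign noise: an installer reading one Uninstall entry, a browser on 443.
    Event("reg_query", r"C:\Windows\System32\msiexec.exe",
          r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{GUID}"),
    Event("net_connect", r"C:\Program Files\Browser\browser.exe", "203.0.113.10:443"),
]

if __name__ == "__main__":
    for name, images in analyse(SAMPLE_EVENTS).items():
        print(f"{name}: {', '.join(images)}")
```

The Uninstall check deliberately counts distinct subkeys per process rather than firing on a single read: installers and update agents routinely read their own Uninstall entry, whereas a stealer walking the key touches every product. The same C2 set can be extended with the second extracted config's endpoint if it ever differs; here both configs share 193.233.20.31:4125.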