General
Target: 876c2cb702b2f1de71c90e9c8c8f2b4a3e297c1d9a5d2f1715d95f54a2c094da
Size: 679KB
Sample: 230323-zvyaaaab56
MD5: a70ecac2c3dffbac7881467348f8c755
SHA1: 03b75c82f2f7e59deaa1a077d0c91b31acf030ba
SHA256: 876c2cb702b2f1de71c90e9c8c8f2b4a3e297c1d9a5d2f1715d95f54a2c094da
SHA512: 10ec42a295d165c1c833ac9bad5c881df575267f139da5e64084ffe351f7f42e475874a6a18eac8b25bd4ca44251d70ffbc7ffb8a00fa3bde25980d51c0bc3ff
SSDEEP: 12288:XGHIGD4gZKt4U5Mu3iTTKJ2e32cc8M1o/SldCnGoxkqeYBndoehW8ArY+v4:i/HeDoTKwC2r8mldwGWkCoevSY+A
Static task: static1
Behavioral task: behavioral1
Sample: 876c2cb702b2f1de71c90e9c8c8f2b4a3e297c1d9a5d2f1715d95f54a2c094da.exe
Resource: win10-20230220-en
Malware Config
Extracted: redline
Botnet: down
C2: 193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381

Extracted: redline
Botnet: real
C2: 193.233.20.31:4125
auth_value: bb22a50228754849387d5f4d1611e71b
Targets
Target: 876c2cb702b2f1de71c90e9c8c8f2b4a3e297c1d9a5d2f1715d95f54a2c094da
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.