General
- Target: 9a9da4f40589bd8b0810446283c94c256542c05dda8c5149cbc4590ec637bb1a
- Size: 556KB
- Sample: 230324-11xflsbg8v
- MD5: c3f2c226366e1f1e63db44a5f70df2ed
- SHA1: 0a1d0d60f64349abed232ed6df9ae8041dbc1528
- SHA256: 9a9da4f40589bd8b0810446283c94c256542c05dda8c5149cbc4590ec637bb1a
- SHA512: 749e1d6ab5a23cdcda0a51172525ba806e5a70d4a154322b131b04047f6fd5c5298cf2a1c104a77dd283689d4605d45eda8a3676d1520f8bc2dcf34ecd231977
- SSDEEP: 6144:KRy+bnr+Vp0yN90QEYIsfRWGEn5rkNTCyj5oCgm6Zl/wkH+6aEtIGy9NIy3HSA4c:vMr5y908w+TfdJal/Jq9NIgV45hdi
- Static task: static1
- Behavioral task: behavioral1
- Sample: 9a9da4f40589bd8b0810446283c94c256542c05dda8c5149cbc4590ec637bb1a.exe
- Resource: win10-20230220-en
Malware Config
- Extracted: redline
  - boris
  - 193.233.20.32:4125
  - auth_value: 766b5bdf6dbefcf7ca223351952fc38f
- Extracted: redline
  - lida
  - 193.233.20.32:4125
  - auth_value: 24052aa2e9b85984a98d80cf08623e8d
Targets
- Target: 9a9da4f40589bd8b0810446283c94c256542c05dda8c5149cbc4590ec637bb1a
  - Size: 556KB
  - MD5: c3f2c226366e1f1e63db44a5f70df2ed
  - SHA1: 0a1d0d60f64349abed232ed6df9ae8041dbc1528
  - SHA256: 9a9da4f40589bd8b0810446283c94c256542c05dda8c5149cbc4590ec637bb1a
  - SHA512: 749e1d6ab5a23cdcda0a51172525ba806e5a70d4a154322b131b04047f6fd5c5298cf2a1c104a77dd283689d4605d45eda8a3676d1520f8bc2dcf34ecd231977
  - SSDEEP: 6144:KRy+bnr+Vp0yN90QEYIsfRWGEn5rkNTCyj5oCgm6Zl/wkH+6aEtIGy9NIy3HSA4c:vMr5y908w+TfdJal/Jq9NIgV45hdi
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.