General
Target: 582569e51ca973baaee7ff6ec657ef5ed37a60b4371b4acf52977f00bae6372a
Size: 553KB
Sample: 230324-2ft1eshg57
MD5: e5d5e677d66cb8c189286defe6569a08
SHA1: 8482ddbe33e3dc03dbfd6e2a1aea831a6f3285c3
SHA256: 582569e51ca973baaee7ff6ec657ef5ed37a60b4371b4acf52977f00bae6372a
SHA512: 50cdac93832d8e44415dfd9d052acffe0b1635124e0a2fa7c745b8794927f666f15454899ef5a29507b3e470ea9085454e928e346d3dda7d3131ddc90bd422da
SSDEEP: 12288:NMrwy90oEpjprMtzVzRSYgh8NNlgDdBWzcDZ8Bvs:ZyuFlSVzYhclGdY4Nuvs
Static task: static1
Behavioral task: behavioral1
Sample: 582569e51ca973baaee7ff6ec657ef5ed37a60b4371b4acf52977f00bae6372a.exe
Resource: win10v2004-20230220-en
Malware Config
Two RedLine configurations were extracted from the sample. Both point at the same C2 endpoint but carry different botnet labels and different auth_value keys, so the two are distinguishable in C2 traffic even though the IP and port are identical.
Extracted
Family: redline
Botnet: boris
C2: 193.233.20.32:4125
auth_value: 766b5bdf6dbefcf7ca223351952fc38f
Extracted
Family: redline
Botnet: lida
C2: 193.233.20.32:4125
auth_value: 24052aa2e9b85984a98d80cf08623e8d
Targets
Target: 582569e51ca973baaee7ff6ec657ef5ed37a60b4371b4acf52977f00bae6372a
Size: 553KB
MD5: e5d5e677d66cb8c189286defe6569a08
SHA1: 8482ddbe33e3dc03dbfd6e2a1aea831a6f3285c3
SHA256: 582569e51ca973baaee7ff6ec657ef5ed37a60b4371b4acf52977f00bae6372a
SHA512: 50cdac93832d8e44415dfd9d052acffe0b1635124e0a2fa7c745b8794927f666f15454899ef5a29507b3e470ea9085454e928e346d3dda7d3131ddc90bd422da
SSDEEP: 12288:NMrwy90oEpjprMtzVzRSYgh8NNlgDdBWzcDZ8Bvs:ZyuFlSVzYhclGdY4Nuvs
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Runs an executable that the sample itself wrote to disk.
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Writes a value under the registry's CurrentVersion\Run key so the payload is launched again at logon.
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system. This is a registry read, so it is visible to the sandbox's API hooking but not to write-only registry telemetry such as Sysmon.
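The extracted configuration and the behavioural signatures above are the pieces a defender turns into a hunt. The script below is an added example, not part of the sandbox report: it takes the hashes and the C2 endpoint from the report, applies them together with a Run-key persistence check to Sysmon-style events, and flags a process as RedLine only when an indicator match and the persistence write come from the same process. The event records, process names, SID and the benign noise events are constructed for illustration; the Sysmon field names (Hashes, DestinationIp, DestinationPort, TargetObject) are the real ones, but the Sysmon feed itself is assumed. Note that the wallet-file reads and the Uninstall-key enumeration the report lists are reads and do not appear in Sysmon, so they are deliberately not modelled here.

```python
"""Hunt for the RedLine indicators and behaviours listed in the report above.

Added example, not part of the sandbox report. Hashes and the C2 endpoint are
copied from the report; every event below is constructed for illustration.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Indicators taken from the report.
C2_ENDPOINTS = {("193.233.20.32", 4125)}
SAMPLE_HASHES = {
    "MD5": "e5d5e677d66cb8c189286defe6569a08",
    "SHA1": "8482ddbe33e3dc03dbfd6e2a1aea831a6f3285c3",
    "SHA256": "582569e51ca973baaee7ff6ec657ef5ed37a60b4371b4acf52977f00bae6372a",
}

# Sysmon logs registry writes only (event 12/13/14), so the Run-key persistence
# is observable there; the Uninstall-key enumeration is a read and is not.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE
)

HIT_HASH = "RedLine payload (hash matches report)"
HIT_C2 = "RedLine C2 connection (193.233.20.32:4125)"
HIT_RUNKEY = "Adds Run key to start application"


@dataclass
class Event:
    event_id: int   # Sysmon ID: 1 process create, 3 network connect, 13 registry value set
    pid: int
    image: str
    fields: dict = field(default_factory=dict)


def parse_hashes(hashes_field):
    """Split Sysmon's 'MD5=..,SHA256=..' string into {ALGO: lowercase hex}."""
    out = {}
    for part in hashes_field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().upper()] = value.strip().lower()
    return out


def match_event(ev):
    """Return the report signatures that this single event satisfies."""
    hits = []
    if ev.event_id == 1:
        seen = parse_hashes(ev.fields.get("Hashes", ""))
        if any(seen.get(algo) == digest for algo, digest in SAMPLE_HASHES.items()):
            hits.append(HIT_HASH)
    elif ev.event_id == 3:
        dst = (ev.fields.get("DestinationIp"), int(ev.fields.get("DestinationPort", 0)))
        if dst in C2_ENDPOINTS:
            hits.append(HIT_C2)
    elif ev.event_id == 13:
        if RUN_KEY_RE.search(ev.fields.get("TargetObject", "")):
            hits.append(HIT_RUNKEY)
    return hits


def triage(events):
    """Group hits per process. A process is 'redline' when a hash or C2 match and
    the Run-key write come from the same PID; anything else with hits is 'suspicious'."""
    per_pid = defaultdict(set)
    for ev in events:
        for hit in match_event(ev):
            per_pid[ev.pid].add(hit)
    verdicts = {}
    for pid, hits in per_pid.items():
        confirmed = HIT_RUNKEY in hits and (HIT_HASH in hits or HIT_C2 in hits)
        verdicts[pid] = ("redline" if confirmed else "suspicious", sorted(hits))
    return verdicts


# Constructed Sysmon-style events: one dropped-EXE chain plus two benign noise events.
PAYLOAD = r"C:\Users\victim\AppData\Local\Temp\update.exe"
SAMPLE_EVENTS = [
    Event(1, 4120, PAYLOAD, {
        "ParentImage": r"C:\Users\victim\Downloads\setup.exe",
        "Hashes": "SHA1=8482DDBE33E3DC03DBFD6E2A1AEA831A6F3285C3,"
                  "MD5=E5D5E677D66CB8C189286DEFE6569A08,"
                  "SHA256=582569E51CA973BAAEE7FF6EC657EF5ED37A60B4371B4ACF52977F00BAE6372A",
    }),
    Event(13, 4120, PAYLOAD, {
        "TargetObject": r"HKU\S-1-5-21-1004336348-1177238915-682003330-1001"
                        r"\Software\Microsoft\Windows\CurrentVersion\Run\update",
    }),
    Event(3, 4120, PAYLOAD, {"DestinationIp": "193.233.20.32", "DestinationPort": "4125"}),
    Event(3, 980, r"C:\Windows\System32\svchost.exe",
          {"DestinationIp": "192.0.2.10", "DestinationPort": "80"}),
    Event(13, 5500, r"C:\Program Files\Vendor\agent.exe",
          {"TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Agent"}),
]

if __name__ == "__main__":
    for pid, (verdict, hits) in triage(SAMPLE_EVENTS).items():
        print(pid, verdict, hits)
```

The Run-key write alone (PID 5500) only earns "suspicious", since legitimate installers write the same key; it is the combination with a report hash or the C2 endpoint on one process that yields the RedLine verdict. Hash matching is case-normalised because Sysmon emits uppercase hex while the report lists lowercase.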