General
- Target: 5270c3aafec32be28f574a4c89e9d371734f0cf37486cbb902d72af7f257671f
- Size: 546KB
- Sample: 230324-a271madb4z
- MD5: 4345f67d869bb4242c58adb5d6515cb4
- SHA1: e6d00099a50dd514adbbcb37c4448734a3d2c850
- SHA256: 5270c3aafec32be28f574a4c89e9d371734f0cf37486cbb902d72af7f257671f
- SHA512: 20eb04fe8be2a4484d563718ea75a86d854e8446a1a96074a5abd2c007eca2b5ca47d9b2c19a3befcbb5873ee24c24e5d6b669b04a0177b5a50e8f6ca05a59e9
- SSDEEP: 12288:uMrdy90GbshEjzOBR7hZM8NJst3wL9yR4D14F7mFf:PydbsGjiT/MieW9yR4D14lyf
Static task: static1
Behavioral task: behavioral1
- Sample: 5270c3aafec32be28f574a4c89e9d371734f0cf37486cbb902d72af7f257671f.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
- down
- 193.233.20.31:4125
- auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted: redline
- lown
- 193.233.20.31:4125
- auth_value: 4cf836e062bcdc2a4fdbf410f5747ec7
Targets
- Target: 5270c3aafec32be28f574a4c89e9d371734f0cf37486cbb902d72af7f257671f
- Size: 546KB
- MD5: 4345f67d869bb4242c58adb5d6515cb4
- SHA1: e6d00099a50dd514adbbcb37c4448734a3d2c850
- SHA256: 5270c3aafec32be28f574a4c89e9d371734f0cf37486cbb902d72af7f257671f
- SHA512: 20eb04fe8be2a4484d563718ea75a86d854e8446a1a96074a5abd2c007eca2b5ca47d9b2c19a3befcbb5873ee24c24e5d6b669b04a0177b5a50e8f6ca05a59e9
- SSDEEP: 12288:uMrdy90GbshEjzOBR7hZM8NJst3wL9yR4D14F7mFf:PydbsGjiT/MieW9yR4D14lyf
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.