General
Target: e4e4b0c3ef635e81a935f1867efb8adc718ba13ca9bf35f022265898b1da22a0
Size: 546KB
Sample: 230324-a3nndadb41
MD5: 221a01dbbd6ef9cb70f44ff8746401f4
SHA1: e58ae0198f9cb796f43a7dc6db9ecaf0aec988b6
SHA256: e4e4b0c3ef635e81a935f1867efb8adc718ba13ca9bf35f022265898b1da22a0
SHA512: c117cf62f116d0723abbfbf7f21f6ec387789dd106531d7722a4cb7640c8d0e54acb3126eac314dd44da3761032a0f841af1d26899903d3f81398d8e66533e21
SSDEEP: 12288:3MrIy90KKD9/IWp4PLtqwLZhJYqbTq47CE:7yRKD6q4TxZIsUE
Static task: static1
Behavioral task: behavioral1
Sample: e4e4b0c3ef635e81a935f1867efb8adc718ba13ca9bf35f022265898b1da22a0.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
Botnet: down
C2: 193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted: redline
Botnet: real
C2: 193.233.20.31:4125
auth_value: bb22a50228754849387d5f4d1611e71b
Targets
Target: e4e4b0c3ef635e81a935f1867efb8adc718ba13ca9bf35f022265898b1da22a0
Size: 546KB
MD5: 221a01dbbd6ef9cb70f44ff8746401f4
SHA1: e58ae0198f9cb796f43a7dc6db9ecaf0aec988b6
SHA256: e4e4b0c3ef635e81a935f1867efb8adc718ba13ca9bf35f022265898b1da22a0
SHA512: c117cf62f116d0723abbfbf7f21f6ec387789dd106531d7722a4cb7640c8d0e54acb3126eac314dd44da3761032a0f841af1d26899903d3f81398d8e66533e21
SSDEEP: 12288:3MrIy90KKD9/IWp4PLtqwLZhJYqbTq47CE:7yRKD6q4TxZIsUE
Signatures
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
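The indicators in the Malware Config section (the C2 pair 193.233.20.31:4125 and the sample's hashes) together with the Run-key persistence behaviour listed above can be turned into a small detection check. The block below is an added example and is not part of the sandbox report; it runs over constructed Sysmon-shaped events (EventID 1 process creation, 3 network connection, 13 registry value set) that are invented sample input, and the helper names parse_sysmon_hashes, evaluate_event and scan are this example's own. The Uninstall-key lookup is a registry read, which Sysmon does not record, so the example deliberately does not try to match it.

```python
"""Match Sysmon-shaped events against the IOCs and behaviours in this report."""
import re

# Indicators copied from the report above (exact-build file hashes, C2 host:port).
REPORT_HASHES = {
    "md5": "221a01dbbd6ef9cb70f44ff8746401f4",
    "sha1": "e58ae0198f9cb796f43a7dc6db9ecaf0aec988b6",
    "sha256": "e4e4b0c3ef635e81a935f1867efb8adc718ba13ca9bf35f022265898b1da22a0",
}
REPORT_C2 = {("193.233.20.31", 4125)}

# A value written directly under ...\CurrentVersion\Run or \RunOnce is the
# "Adds Run key to start application" behaviour from the report.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.IGNORECASE)

# Constructed events (not real telemetry); field names follow Sysmon's schema.
SAMPLE_EXE = (r"C:\Users\user\Downloads"
              r"\e4e4b0c3ef635e81a935f1867efb8adc718ba13ca9bf35f022265898b1da22a0.exe")
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": SAMPLE_EXE,
     "Hashes": "MD5=221A01DBBD6EF9CB70F44FF8746401F4,"
               "SHA256=E4E4B0C3EF635E81A935F1867EFB8ADC718BA13CA9BF35F022265898B1DA22A0"},
    {"EventID": 3, "Image": SAMPLE_EXE,
     "DestinationIp": "193.233.20.31", "DestinationPort": "4125"},
    {"EventID": 3, "Image": r"C:\Windows\System32\svchost.exe",
     "DestinationIp": "10.0.0.53", "DestinationPort": "53"},
    {"EventID": 13, "Image": SAMPLE_EXE,
     "TargetObject": r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Run\updater"},
    # A write under the Uninstall hive is not persistence and must not match.
    {"EventID": 13, "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Example\DisplayName"},
]


def parse_sysmon_hashes(field):
    """Turn Sysmon's 'MD5=..,SHA256=..' Hashes field into {algo: lowercase hex}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().lower()] = value.strip().lower()
    return out


def evaluate_event(ev):
    """Return a list of finding tags for one event (empty list when benign)."""
    findings = []
    eid = ev.get("EventID")
    if eid == 1:  # process creation: compare reported hashes with the sample's
        hashes = parse_sysmon_hashes(ev.get("Hashes", ""))
        for algo, value in REPORT_HASHES.items():
            if hashes.get(algo) == value:
                findings.append(f"known_sample:{algo}")
                break  # one matching algorithm is enough
    elif eid == 3:  # network connection: compare with the extracted C2
        dst = (ev.get("DestinationIp"), int(ev.get("DestinationPort", 0)))
        if dst in REPORT_C2:
            findings.append(f"c2_connect:{dst[0]}:{dst[1]}")
    elif eid == 13:  # registry value set: look for Run/RunOnce persistence
        if RUN_KEY_RE.search(ev.get("TargetObject", "")):
            findings.append("run_key_persistence")
    return findings


def scan(events):
    """Evaluate every event and return [(event_index, finding), ...]."""
    hits = []
    for i, ev in enumerate(events):
        for finding in evaluate_event(ev):
            hits.append((i, finding))
    return hits


if __name__ == "__main__":
    for idx, finding in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {finding}")
```

The file-hash checks only catch this exact build; RedLine samples are repacked often, so the C2 pair and the Run-key write are the more durable of the three checks and are worth keeping even once the hashes stop firing.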