General

Target: 8b6ce2c49781f9afec564056ba4b3fd7f378532eda62246deae4d586eef61112
Size: 546KB
Sample: 230324-ab7l6sah93
MD5: dd74055d7d3197c8cf657774822e3a1d
SHA1: e6fa55f10c3f04f636e37fff7af73b45712b8979
SHA256: 8b6ce2c49781f9afec564056ba4b3fd7f378532eda62246deae4d586eef61112
SHA512: f0bb003369bd7621398629bfa73ae82e5a2798048abe5075d46bc4255ad05ac37557c306ca5079eb3bc2821aeb90c637a16e7433c89b7bde07869f39c9e1db1f
SSDEEP: 12288:qMrUy90JzcZn7HlJm4TZdsXCaRwr4tOXS5nITlVfS/jjav:qy5Zn7H/ZibC4mS5I5VUq
Static task: static1
Behavioral task: behavioral1
Sample: 8b6ce2c49781f9afec564056ba4b3fd7f378532eda62246deae4d586eef61112.exe
Resource: win10v2004-20230221-en
Malware Config

Extracted: redline
Botnet: down
C2: 193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381

Extracted: redline
Botnet: real
C2: 193.233.20.31:4125
auth_value: bb22a50228754849387d5f4d1611e71b
Targets

Target: 8b6ce2c49781f9afec564056ba4b3fd7f378532eda62246deae4d586eef61112
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures:
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.