General
Target: 93ea2df41af68f2fb214d670cec94e9e8873b3784cd96cbad1aaaf70a69ba42d
Size: 546KB
Sample: 230324-ady3taba22
MD5: d3798d4f67be115cdb1e1e096b946cfd
SHA1: e164c733dd56915e8bd8a6e38cbac41ef157881d
SHA256: 93ea2df41af68f2fb214d670cec94e9e8873b3784cd96cbad1aaaf70a69ba42d
SHA512: b9f32b89710337c043cf617a806b35060aa08129ad6d5a9080afd1e87718f60557c46f348e1aaf098158d15e1e6f0d703e7a738a1c7cfb72cd9cd9fe9df69014
SSDEEP: 12288:+MrFy90DIJY+E0LqBLRWtLwLT6yDNOVAgJDMm:nyvYm2T5DNSAoDX
Static task: static1
Behavioral task: behavioral1
Sample: 93ea2df41af68f2fb214d670cec94e9e8873b3784cd96cbad1aaaf70a69ba42d.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted config 1
Family: redline
Botnet: down
C2: 193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted config 2
Family: redline
Botnet: real
C2: 193.233.20.31:4125
auth_value: bb22a50228754849387d5f4d1611e71b
Targets
Target: 93ea2df41af68f2fb214d670cec94e9e8873b3784cd96cbad1aaaf70a69ba42d
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.