General
-
Target
27d88c8cb7a0de490f31df142b7e9fe4e11fc3c90eef397f924bdcf6793794c0
-
Size
546KB
-
Sample
230324-agla5ada4s
-
MD5
d56efaff2482283da4a66d89f863a2cc
-
SHA1
13e374131f7f22d615dbe826165c43166049c34e
-
SHA256
27d88c8cb7a0de490f31df142b7e9fe4e11fc3c90eef397f924bdcf6793794c0
-
SHA512
d2863de247c14adf8603937ff89998c6e9ad5b9c62eb018fb6234e6cf0491f5b58445243b762aff1e01cb9070a8487c0b572ca3d672cae81cbee06be1c497c00
-
SSDEEP
12288:wMrIy90aoemQIOsclIqp4estqwLEwJYq1+j:oy/tmaKu4jxELC+j
Static task
static1
Behavioral task
behavioral1
Sample
27d88c8cb7a0de490f31df142b7e9fe4e11fc3c90eef397f924bdcf6793794c0.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
down
193.233.20.31:4125
-
auth_value
12c31a90c72f5efae8c053a0bd339381
Extracted
redline
real
193.233.20.31:4125
-
auth_value
bb22a50228754849387d5f4d1611e71b
Targets
-
-
Target
27d88c8cb7a0de490f31df142b7e9fe4e11fc3c90eef397f924bdcf6793794c0
-
Size
546KB
-
MD5
d56efaff2482283da4a66d89f863a2cc
-
SHA1
13e374131f7f22d615dbe826165c43166049c34e
-
SHA256
27d88c8cb7a0de490f31df142b7e9fe4e11fc3c90eef397f924bdcf6793794c0
-
SHA512
d2863de247c14adf8603937ff89998c6e9ad5b9c62eb018fb6234e6cf0491f5b58445243b762aff1e01cb9070a8487c0b572ca3d672cae81cbee06be1c497c00
-
SSDEEP
12288:wMrIy90aoemQIOsclIqp4estqwLEwJYq1+j:oy/tmaKu4jxELC+j
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-