General
Target: 7b38e7f367dea196b25bd6a7151d61b6171308b34563732096f8e613ba1ddf68
Size: 546KB
Sample: 230324-aja8yada41
MD5: 10ea3b3ba98541e2423a51c709a4825f
SHA1: 0c2d0817e33c7ae7c99ff5e206211b2dbef81adc
SHA256: 7b38e7f367dea196b25bd6a7151d61b6171308b34563732096f8e613ba1ddf68
SHA512: 12d38ae6984920f638d58302aca4de5fb453c0002ba6a15cdcd947f88d8a562bf1386cb6629f88008f8f46871f13e778f1cd8d1210429417986c9a3849d878a1
SSDEEP: 12288:7Mrfy90DP4u9f11nT7Jrut2wLlA0HZ6vEk:8yo4ootq05U
Static task: static1
Behavioral task: behavioral1
Sample: 7b38e7f367dea196b25bd6a7151d61b6171308b34563732096f8e613ba1ddf68.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted
Family: redline
Botnet: down
C2: 193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted
Family: redline
Botnet: real
C2: 193.233.20.31:4125
auth_value: bb22a50228754849387d5f4d1611e71b
Targets
Target: 7b38e7f367dea196b25bd6a7151d61b6171308b34563732096f8e613ba1ddf68 (546KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.