General
Target: f66aff46abad7d6a15b4da1a7c1ac94c742dbb49d79303c0901989d1165ac1b4
Size: 546KB
Sample: 230324-als7jaba59
MD5: c56b11f9911b31af1e9e30999a85e9c6
SHA1: c2201f118cbf96cec4c45ea4eb454ab9f50df0fd
SHA256: f66aff46abad7d6a15b4da1a7c1ac94c742dbb49d79303c0901989d1165ac1b4
SHA512: 550a093ecf1d8cc2c08d29a89221671b555d0d4d20236769513ba723124a13abb5d9bdb973266c6124ad0f7815a00adb63b52399b1b3d4079b15730608b4cc17
SSDEEP: 12288:4MrEy90TZBjgVDz1xXpHuN4lMNisDgnc6tQwLEjhl47QC4qi:cycBORxXsiCY5LEjhl4754d
Static task: static1
Behavioral task: behavioral1
Sample: f66aff46abad7d6a15b4da1a7c1ac94c742dbb49d79303c0901989d1165ac1b4.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
down
193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted: redline
real
193.233.20.31:4125
auth_value: bb22a50228754849387d5f4d1611e71b
Targets
Target: f66aff46abad7d6a15b4da1a7c1ac94c742dbb49d79303c0901989d1165ac1b4
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.