General
- Target: 51126d4a28e86eaeeadf6d52bdc43bb521d75ca9ecc5d6c6052d4dfe548c4a84
- Size: 546KB
- Sample: 230324-asbaasda8y
- MD5: ef482cbe567d9dd34a7397511e2aa0f5
- SHA1: d93acb568c854abca984bf2db2c7c51b9065c2cf
- SHA256: 51126d4a28e86eaeeadf6d52bdc43bb521d75ca9ecc5d6c6052d4dfe548c4a84
- SHA512: ca84d6c4aa872c61d86ca6077d91374a200dbe0a49eee22da1a7822cdb72b6720ead8258b735972094037116e8f413508df380d8bbd90cee5ab797fdb8185cba
- SSDEEP: 12288:tMrjy90bv6CV1l6vENDcWF2WtzQstmwLnFMiSi+f:qy8ZVKvyDjNVZFO
Static task: static1
Behavioral task: behavioral1
- Sample: 51126d4a28e86eaeeadf6d52bdc43bb521d75ca9ecc5d6c6052d4dfe548c4a84.exe
- Resource: win10-20230220-en
Malware Config
- Extracted: redline
  - down
  - 193.233.20.31:4125
  - auth_value: 12c31a90c72f5efae8c053a0bd339381
- Extracted: redline
  - real
  - 193.233.20.31:4125
  - auth_value: bb22a50228754849387d5f4d1611e71b
Targets
- Target: 51126d4a28e86eaeeadf6d52bdc43bb521d75ca9ecc5d6c6052d4dfe548c4a84
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.