General
-
Target
9df1348acfbc57e2249590ffc6cdb70503c435d3836be6f2718a9663f16e167c
-
Size
690KB
-
Sample
230324-b8kz4sbe47
-
MD5
62ef49a41a429378abbc3c72cdd758ce
-
SHA1
08ad1c4da17bc0cf397a87252dfd6cac122f7bb7
-
SHA256
9df1348acfbc57e2249590ffc6cdb70503c435d3836be6f2718a9663f16e167c
-
SHA512
af6c4f3b382318d60942d9ea6807c40460eb36df2a09d51e36e61de0fa8d4b3a7fcda3206b15f760aee323201818dec6fa04d602e858e18d3c9930cb8eb754f3
-
SSDEEP
12288:TUjIXjpVmeRF7euMA4AFtz53CdFNBPT/0TI3VEN+5Q8oe4yY:TUEH9beq7Ftz53CdP6T+V7SF
Static task
static1
Behavioral task
behavioral1
Sample
9df1348acfbc57e2249590ffc6cdb70503c435d3836be6f2718a9663f16e167c.exe
Resource
win10-20230220-en
Malware Config
Extracted
redline
down
193.233.20.31:4125
-
auth_value
12c31a90c72f5efae8c053a0bd339381
Extracted
redline
real
193.233.20.31:4125
-
auth_value
bb22a50228754849387d5f4d1611e71b
Targets
-
-
Target
9df1348acfbc57e2249590ffc6cdb70503c435d3836be6f2718a9663f16e167c
-
Size
690KB
-
MD5
62ef49a41a429378abbc3c72cdd758ce
-
SHA1
08ad1c4da17bc0cf397a87252dfd6cac122f7bb7
-
SHA256
9df1348acfbc57e2249590ffc6cdb70503c435d3836be6f2718a9663f16e167c
-
SHA512
af6c4f3b382318d60942d9ea6807c40460eb36df2a09d51e36e61de0fa8d4b3a7fcda3206b15f760aee323201818dec6fa04d602e858e18d3c9930cb8eb754f3
-
SSDEEP
12288:TUjIXjpVmeRF7euMA4AFtz53CdFNBPT/0TI3VEN+5Q8oe4yY:TUEH9beq7Ftz53CdP6T+V7SF
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-