General
-
Target
44e0e02a8f8ab8673755aedec01beb19ce9785ee3048418a24a389b43dc6bfcf
-
Size
546KB
-
Sample
230324-bd5q2adc3z
-
MD5
999e2e27d719af6c2b96fc64facfaeb4
-
SHA1
da6db7dafda5469e7a468c15dca4c58a130593ff
-
SHA256
44e0e02a8f8ab8673755aedec01beb19ce9785ee3048418a24a389b43dc6bfcf
-
SHA512
c7205319ee7df2e181abc583e7a5938eed3ee397aca3e6cbca32e451e11bd0741b66387ce8355717afc220df8b2144f0989fb114348be9899a0775127fedec4f
-
SSDEEP
12288:OMrgy90WvjB2IfJXAx0Q2WBzfstBwLx152osb:6yXRw6wUMvcosb
Static task
static1
Behavioral task
behavioral1
Sample
44e0e02a8f8ab8673755aedec01beb19ce9785ee3048418a24a389b43dc6bfcf.exe
Resource
win10v2004-20230221-en
Malware Config
Extracted
redline
down
193.233.20.31:4125
-
auth_value
12c31a90c72f5efae8c053a0bd339381
Extracted
redline
real
193.233.20.31:4125
-
auth_value
bb22a50228754849387d5f4d1611e71b
Targets
-
-
Target
44e0e02a8f8ab8673755aedec01beb19ce9785ee3048418a24a389b43dc6bfcf
-
Size
546KB
-
MD5
999e2e27d719af6c2b96fc64facfaeb4
-
SHA1
da6db7dafda5469e7a468c15dca4c58a130593ff
-
SHA256
44e0e02a8f8ab8673755aedec01beb19ce9785ee3048418a24a389b43dc6bfcf
-
SHA512
c7205319ee7df2e181abc583e7a5938eed3ee397aca3e6cbca32e451e11bd0741b66387ce8355717afc220df8b2144f0989fb114348be9899a0775127fedec4f
-
SSDEEP
12288:OMrgy90WvjB2IfJXAx0Q2WBzfstBwLx152osb:6yXRw6wUMvcosb
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-