General
Target: 22f0232c8b632be4e47602fb095cf932be982f8c3416cf968240f6a7b65c0420
Size: 546KB
Sample: 230324-bdjhssdc3w
MD5: fc6737f4f286ecdc8addab9a87ace334
SHA1: acc248bf61d7901c7d4dd74fddd2b3a22e3946fc
SHA256: 22f0232c8b632be4e47602fb095cf932be982f8c3416cf968240f6a7b65c0420
SHA512: 99c6bcced69c62266d5793d32b6f77eda3e52a4858e0c507987da0399b22a72d0da06d108b1b43d3c7cc76ac76b09f84c08f06ba8c09c8ac2564691be6e90ad3
SSDEEP: 12288:rMr+y90xjuJRckneE4NiaDYnYNtvwL1va5QvmOiH21P:5yIuf226W1vmKTiH2p
Tasks
- Static task: static1
- Behavioral task: behavioral1
  - Sample: 22f0232c8b632be4e47602fb095cf932be982f8c3416cf968240f6a7b65c0420.exe
  - Resource: win10v2004-20230221-en
Malware Config
Extracted (redline)
- Family: redline
- Botnet: down
- C2: 193.233.20.31:4125
- auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted (redline)
- Family: redline
- Botnet: real
- C2: 193.233.20.31:4125
- auth_value: bb22a50228754849387d5f4d1611e71b
Targets
Target: 22f0232c8b632be4e47602fb095cf932be982f8c3416cf968240f6a7b65c0420
Size: 546KB
(MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to those listed under General above.)
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.