General
-
Target
b5005ad3927f9ca80e9b312c93a4941763ec71411ce84c8d9fc3368fcd0e40a1
-
Size
546KB
-
Sample
230324-bjmseabc54
-
MD5
050d884e4a14c0f97b668c3ae621efd3
-
SHA1
b90f979ac74858c6ba1c49aeae72be1b3bc5fa7b
-
SHA256
b5005ad3927f9ca80e9b312c93a4941763ec71411ce84c8d9fc3368fcd0e40a1
-
SHA512
a0818d0436fc79b598abc6cfa509ef501205356c7671f6968a4c88da866daafdf17b153fd3b5f6f47b979e66c5fe8070b8e05d3f93ca2656709bcb51120a3c00
-
SSDEEP
12288:aMrIy90e4FO0uY/2iUd2W5zkst6wLPZBJtF8q2f/Vnx:eyWdLUZxVPDTuq2ftnx
Static task
static1
Behavioral task
behavioral1
Sample
b5005ad3927f9ca80e9b312c93a4941763ec71411ce84c8d9fc3368fcd0e40a1.exe
Resource
win10v2004-20230221-en
Malware Config
Extracted
redline
down
193.233.20.31:4125
-
auth_value
12c31a90c72f5efae8c053a0bd339381
Extracted
redline
real
193.233.20.31:4125
-
auth_value
bb22a50228754849387d5f4d1611e71b
Targets
-
-
Target
b5005ad3927f9ca80e9b312c93a4941763ec71411ce84c8d9fc3368fcd0e40a1
-
Size
546KB
-
MD5
050d884e4a14c0f97b668c3ae621efd3
-
SHA1
b90f979ac74858c6ba1c49aeae72be1b3bc5fa7b
-
SHA256
b5005ad3927f9ca80e9b312c93a4941763ec71411ce84c8d9fc3368fcd0e40a1
-
SHA512
a0818d0436fc79b598abc6cfa509ef501205356c7671f6968a4c88da866daafdf17b153fd3b5f6f47b979e66c5fe8070b8e05d3f93ca2656709bcb51120a3c00
-
SSDEEP
12288:aMrIy90e4FO0uY/2iUd2W5zkst6wLPZBJtF8q2f/Vnx:eyWdLUZxVPDTuq2ftnx
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-