General
- Target: cd82485f8482260777e6f865769be38960449d01d3010a04d3752ac6eff2469f
- Size: 546KB
- Sample: 230324-blkqtsbc68
- MD5: 8cada69f6b736be70353b9f7eff634c9
- SHA1: a3503737d220628ed8ae114d8c0c2c1eb2ddd26f
- SHA256: cd82485f8482260777e6f865769be38960449d01d3010a04d3752ac6eff2469f
- SHA512: b9e1fac2d52a719391198c216a5a2d38f7bc5385d368c92a8f10c7ac3c21cf94984ec9a576ebbedba59f39d667a0a80551e3a434cfe8385e15e8e2c92eb2e7ed
- SSDEEP: 12288:BMrMy90cj/1Y3I15ENiPDOnxstowL0f3cAbzZc:1yBjl8T2XVApc
- Static task: static1
- Behavioral task: behavioral1
- Sample: cd82485f8482260777e6f865769be38960449d01d3010a04d3752ac6eff2469f.exe
- Resource: win10v2004-20230221-en
Malware Config
- Extracted: redline (down), 193.233.20.31:4125, auth_value 12c31a90c72f5efae8c053a0bd339381
- Extracted: redline (real), 193.233.20.31:4125, auth_value bb22a50228754849387d5f4d1611e71b
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.