General
-
Target
184ed7c54ee72381f8b5af9ecacda12684f7db245ef6bd9633ed49e583e43bc7
-
Size
690KB
-
Sample
230324-bsqknabd29
-
MD5
93bc2c3db1e588eed8317cfd6131efb8
-
SHA1
53c8122b2e0aee8de9078e9163cf014e8e89ecda
-
SHA256
184ed7c54ee72381f8b5af9ecacda12684f7db245ef6bd9633ed49e583e43bc7
-
SHA512
eb4d39ba8e9d794531a12e16faae3176d906f5fd2a600eb1cd35130edfd4c05ae456e6fb6e66338fec83e75f604e03be2a3934a5d0e7822fe0d850223a518645
-
SSDEEP
12288:HUjIXjpVmeRF7euMA4AFtz53CdFNBPT/0TI3VEN+5Q8oe4yY:HUEH9beq7Ftz53CdP6T+V7SF
Static task
static1
Behavioral task
behavioral1
Sample
184ed7c54ee72381f8b5af9ecacda12684f7db245ef6bd9633ed49e583e43bc7.exe
Resource
win10-20230220-en
Malware Config
Extracted
redline
down
193.233.20.31:4125
-
auth_value
12c31a90c72f5efae8c053a0bd339381
Extracted
redline
real
193.233.20.31:4125
-
auth_value
bb22a50228754849387d5f4d1611e71b
Targets
-
-
Target
184ed7c54ee72381f8b5af9ecacda12684f7db245ef6bd9633ed49e583e43bc7
-
Size
690KB
-
MD5
93bc2c3db1e588eed8317cfd6131efb8
-
SHA1
53c8122b2e0aee8de9078e9163cf014e8e89ecda
-
SHA256
184ed7c54ee72381f8b5af9ecacda12684f7db245ef6bd9633ed49e583e43bc7
-
SHA512
eb4d39ba8e9d794531a12e16faae3176d906f5fd2a600eb1cd35130edfd4c05ae456e6fb6e66338fec83e75f604e03be2a3934a5d0e7822fe0d850223a518645
-
SSDEEP
12288:HUjIXjpVmeRF7euMA4AFtz53CdFNBPT/0TI3VEN+5Q8oe4yY:HUEH9beq7Ftz53CdP6T+V7SF
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-