General
Target: 276c818190acdea48063bfaac99737b23bfb8fd1a882e6fd297011215a86a38d
Size: 690KB
Sample: 230324-cjrl2ade9z
MD5: 35e30997f0710a62d4925b0ecb1a5f87
SHA1: 8de381ce734f9fbefc3e9eec5b05e22ef4664fa3
SHA256: 276c818190acdea48063bfaac99737b23bfb8fd1a882e6fd297011215a86a38d
SHA512: 138e654952e0cb9f8ec3edc142e1ff2d1f6362d0f9bb7d4cccdf734884b8117f7032412863fe53e52020f35975e14923b7779e40ac1d3f9c4c0dcf2df3a3c63b
SSDEEP: 12288:DUjIXjpVmeRF7euMA4AFtz53CdFNBPT/0TI3VEN+5Q8oe4yY:DUEH9beq7Ftz53CdP6T+V7SF

Static task: static1
Behavioral task: behavioral1
Sample: 276c818190acdea48063bfaac99737b23bfb8fd1a882e6fd297011215a86a38d.exe
Resource: win10v2004-20230220-en

Malware Config
Extracted
Family: redline
Botnet: down
C2: 193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381

Extracted
Family: redline
Botnet: real
C2: 193.233.20.31:4125
auth_value: bb22a50228754849387d5f4d1611e71b

Targets
Target: 276c818190acdea48063bfaac99737b23bfb8fd1a882e6fd297011215a86a38d
Size: 690KB
(hashes as listed under General)

RedLine
RedLine Stealer is an information-stealing malware family written in C#, first appearing in early 2020.

- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
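The signatures above are what the sandbox observed; the added example below (not part of this report and not a tool from the sandbox vendor) shows how to re-check the same behaviours on host telemetry by scanning a Procmon-style CSV export for Run-key writes, Uninstall-key enumeration, the report's C2 endpoint and the dropped EXE. The CSV rows, the process names, PIDs and the Temp-path heuristic for "dropped EXE" are constructed assumptions; only the C2 address and port come from the extracted config.

```python
"""Scan a Procmon-style CSV export for the behaviours the sandbox report attributes to the sample.

Added example, not part of the sandbox report. Column names follow Procmon's CSV
export, but every row below is constructed for illustration.
"""
import csv
import io
import re

# From the report's extracted config: both RedLine configs share one C2 endpoint.
REDLINE_C2 = {("193.233.20.31", "4125")}

# Run / RunOnce value writes (persistence) and Uninstall key access (software enumeration).
RUN_KEY = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.IGNORECASE)
UNINSTALL_KEY = re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.IGNORECASE)
# Procmon "TCP Connect" paths look like "HOST:srcport -> ip:dstport".
TCP_PATH = re.compile(r"->\s*([0-9.]+):(\d+)\s*$")
# Heuristic (assumption): a process created from the user's Temp directory is a dropped EXE.
DROPPED_PATH = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)

# Constructed sample trace (not from the report): the sample drops payload.exe,
# which persists via a Run key, enumerates Uninstall entries and connects to the C2.
SAMPLE_CSV = '''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.100","276c818190acdea48063bfaac99737b23bfb8fd1a882e6fd297011215a86a38d.exe","4120","Process Create","C:\\Users\\user\\AppData\\Local\\Temp\\payload.exe","SUCCESS","PID: 5040"
"10:01:02.500","payload.exe","5040","RegSetValue","HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater","SUCCESS","Type: REG_SZ, Data: C:\\Users\\user\\AppData\\Local\\Temp\\payload.exe"
"10:01:03.000","payload.exe","5040","RegOpenKey","HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall","SUCCESS","Desired Access: Read"
"10:01:03.010","payload.exe","5040","RegEnumKey","HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall","SUCCESS","Index: 0, Name: 7-Zip"
"10:01:04.000","payload.exe","5040","TCP Connect","DESKTOP-1:49712 -> 193.233.20.31:4125","SUCCESS","Length: 0"
"10:01:05.000","explorer.exe","1234","RegSetValue","HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden","SUCCESS","Type: REG_DWORD, Data: 1"
'''


def classify(row):
    """Return the signature name a single Procmon row matches, or None."""
    op, path = row["Operation"], row["Path"]
    if op == "Process Create" and DROPPED_PATH.search(path):
        return "Executes dropped EXE"
    if op == "RegSetValue" and RUN_KEY.search(path):
        return "Adds Run key to start application"
    if op in ("RegOpenKey", "RegEnumKey", "RegQueryValue") and UNINSTALL_KEY.search(path):
        return "Checks installed software on the system"
    if op == "TCP Connect":
        m = TCP_PATH.search(path)
        if m and (m.group(1), m.group(2)) in REDLINE_C2:
            return "Connects to RedLine C2"
    return None


def scan(csv_text):
    """Group matching rows by signature name; each entry is (process name, PID, path)."""
    hits = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        sig = classify(row)
        if sig:
            hits.setdefault(sig, []).append((row["Process Name"], row["PID"], row["Path"]))
    return hits


def suspicious_pids(csv_text, min_signatures=2):
    """PIDs that trip at least min_signatures distinct signatures (the dropped payload here)."""
    per_pid = {}
    for sig, rows in scan(csv_text).items():
        for _, pid, _ in rows:
            per_pid.setdefault(pid, set()).add(sig)
    return {pid for pid, sigs in per_pid.items() if len(sigs) >= min_signatures}


if __name__ == "__main__":
    for sig, rows in scan(SAMPLE_CSV).items():
        print(sig)
        for name, pid, path in rows:
            print(f"  {name} (PID {pid}): {path}")
    print("suspicious PIDs:", sorted(suspicious_pids(SAMPLE_CSV)))
```

Procmon is used here because, unlike Sysmon, it records registry reads, so the Uninstall-key enumeration is visible; on a Sysmon-only host you would still see the Run-key write (Event ID 13) and the C2 connection (Event ID 3), but not the enumeration. The auth_value fields are not matched on the wire because RedLine's traffic is not plaintext; use them for sample correlation, not network detection.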