General
Target: e77b026cacd6d44f4ac83d9a0cea974b1122dc84be0ea5a3bfb4e0a30f3fc07d
Size: 690KB
Sample: 230324-clyhcsbf32
MD5: b0c07ecd1dd9fb90dd1c9f5827484d3b
SHA1: a3f11dbecee69ddb688d887cd1b06260e53b15ab
SHA256: e77b026cacd6d44f4ac83d9a0cea974b1122dc84be0ea5a3bfb4e0a30f3fc07d
SHA512: 1b888e6271ff31c3f9f41d5f53a54d2e5f0505410f3a69c82fe9285e03bbc26372119b5ede42addd0584c3a410527780183579c5489eb1cbd134bd0af4971c62
SSDEEP: 12288:YUjIXjpVmeRF7euMA4AFtz53CdFNBPT/0TI3VEN+5Q8oe4yY:YUEH9beq7Ftz53CdP6T+V7SF
Static task: static1
Behavioral task: behavioral1
Sample: e77b026cacd6d44f4ac83d9a0cea974b1122dc84be0ea5a3bfb4e0a30f3fc07d.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
down
193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381

Extracted: redline
real
193.233.20.31:4125
auth_value: bb22a50228754849387d5f4d1611e71b
Targets
Target: e77b026cacd6d44f4ac83d9a0cea974b1122dc84be0ea5a3bfb4e0a30f3fc07d (690KB; hashes as listed under General)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.