General
Target: 74e4961e2a8fad509088584f76dc35092e9c6e4a11c8066807997af54d5997fc
Size: 539KB
Sample: 230324-hcf5lscf78
MD5: 6ae40c4b4858dcb3a141ebd831a6fdd5
SHA1: 6946e491659b06660a5d272ac4402bc14540bc80
SHA256: 74e4961e2a8fad509088584f76dc35092e9c6e4a11c8066807997af54d5997fc
SHA512: fe1ac0b7baea4310e94e44c417a8ac27f10d05793324d794ea7bf21726128a3f76e5edcffbdb2689afeaf9977f547039c19c32d49f96bbd6e3195ce3623b7c10
SSDEEP: 12288:2MrNy90d08YBKwK+7phmnMbiM4WEDOooDPJ9Rt2ir8J:XyKdY1phJiM4W20Fft56
Static task: static1
Behavioral task: behavioral1
Sample: 74e4961e2a8fad509088584f76dc35092e9c6e4a11c8066807997af54d5997fc.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
- down
  193.233.20.31:4125
  auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted: redline
- bolt
  193.233.20.31:4125
  auth_value: 29540c7bf0277243e2faf6601e15a754
Targets
Target: 74e4961e2a8fad509088584f76dc35092e9c6e4a11c8066807997af54d5997fc
Size: 539KB
MD5: 6ae40c4b4858dcb3a141ebd831a6fdd5
SHA1: 6946e491659b06660a5d272ac4402bc14540bc80
SHA256: 74e4961e2a8fad509088584f76dc35092e9c6e4a11c8066807997af54d5997fc
SHA512: fe1ac0b7baea4310e94e44c417a8ac27f10d05793324d794ea7bf21726128a3f76e5edcffbdb2689afeaf9977f547039c19c32d49f96bbd6e3195ce3623b7c10
SSDEEP: 12288:2MrNy90d08YBKwK+7phmnMbiM4WEDOooDPJ9Rt2ir8J:XyKdY1phJiM4W20Fft56
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.