General
Target: d1c5b8fee60f06d610bf1894ed94325347646de4fcb6ce6a42d2aa378926f91e
Size: 687KB
Sample: 230324-jevw8afa7t
MD5: 0fe3309c85f98763fb2cd40b03a92069
SHA1: c107040f93aaa930627e85e3333ad7aa7a0b13d8
SHA256: d1c5b8fee60f06d610bf1894ed94325347646de4fcb6ce6a42d2aa378926f91e
SHA512: a40bbc6b3248fb943771ad64d2f8fe4872890500447c95984358ff9a5055b705739de07d9ff6c8c2272ed05bf9a46aa846d239afbb77dd846d6d35e12a95d9bd
SSDEEP: 12288:t3KZUuB2nyy4KS3el7XLT5a2uZdAeZ0lgt1Pf53IejQGR7:trE2nyy4DQLLEJZdP06RYejZV

Static task: static1
Behavioral task: behavioral1
Sample: d1c5b8fee60f06d610bf1894ed94325347646de4fcb6ce6a42d2aa378926f91e.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted: redline
down
193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381

Extracted: redline
hero
193.233.20.31:4125
auth_value: 11f3c75a88ca461bcc8d6bf60a1193e3
Targets
Target: d1c5b8fee60f06d610bf1894ed94325347646de4fcb6ce6a42d2aa378926f91e
Size: 687KB
MD5: 0fe3309c85f98763fb2cd40b03a92069
SHA1: c107040f93aaa930627e85e3333ad7aa7a0b13d8
SHA256: d1c5b8fee60f06d610bf1894ed94325347646de4fcb6ce6a42d2aa378926f91e
SHA512: a40bbc6b3248fb943771ad64d2f8fe4872890500447c95984358ff9a5055b705739de07d9ff6c8c2272ed05bf9a46aa846d239afbb77dd846d6d35e12a95d9bd
SSDEEP: 12288:t3KZUuB2nyy4KS3el7XLT5a2uZdAeZ0lgt1Pf53IejQGR7:trE2nyy4DQLLEJZdP06RYejZV

- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.