General
Target: 02cbe89edde94b2a010f53a059fe7437d28e26612fe7efb5b8f07a0a08ae99c2
Size: 540KB
Sample: 230324-jexe2sfa7v
MD5: a28082632cfaea7d30a1dd2cff7eb5d3
SHA1: 07f7299cfb0d894619f0e8cfa457ed73e14cc99c
SHA256: 02cbe89edde94b2a010f53a059fe7437d28e26612fe7efb5b8f07a0a08ae99c2
SHA512: 91d982ef49475ca6b45716c4365ee8cc16a6c9c49e5c30fc13cc0c642049aa87dc67472e3c99d65fb180108176d8acbfcf523991a3103ea31d5cefe5d2f360d2
SSDEEP: 12288:7Mryy90NXKG0zfzbebaEWt4HDSMMJ2ApFVNcBXIA2:hyewz8aEWt4HiJ2WPKBXIA2
Static task: static1
Behavioral task: behavioral1
Sample: 02cbe89edde94b2a010f53a059fe7437d28e26612fe7efb5b8f07a0a08ae99c2.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
down
193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted: redline
hero
193.233.20.31:4125
auth_value: 11f3c75a88ca461bcc8d6bf60a1193e3
Targets
Target: 02cbe89edde94b2a010f53a059fe7437d28e26612fe7efb5b8f07a0a08ae99c2 (540KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.