General
- Target: 6f59694cb2a4fe0af61f24b036ec7f901ed239f6d200cb9d684bccbf46b91c73
- Size: 538KB
- Sample: 230324-k32kcafd8y
- MD5: f93483c4361a095210dfae536eee273e
- SHA1: c976057048f60bd7a495cbefcb95195debb5b4f2
- SHA256: 6f59694cb2a4fe0af61f24b036ec7f901ed239f6d200cb9d684bccbf46b91c73
- SHA512: ed92766ced1e9161f9f5e994da2bc9c55bee39f0d74fbb6f6f48214aeada10f29e34220441d8eaa98afd39a51093a9193fa71bf1325ff4ddd77a2ba66099c83f
- SSDEEP: 12288:EMrey902IP9kIw4RS9BQ2ractbFex4I4+MPEkq4fvkB:qysPamEWCtbFuFQG4f8B
Static task: static1
Behavioral task: behavioral1
- Sample: 6f59694cb2a4fe0af61f24b036ec7f901ed239f6d200cb9d684bccbf46b91c73.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted
- redline
- down
- 193.233.20.31:4125
- auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted
- redline
- hero
- 193.233.20.31:4125
- auth_value: 11f3c75a88ca461bcc8d6bf60a1193e3
Targets
- Target: 6f59694cb2a4fe0af61f24b036ec7f901ed239f6d200cb9d684bccbf46b91c73
- Size: 538KB
- MD5: f93483c4361a095210dfae536eee273e
- SHA1: c976057048f60bd7a495cbefcb95195debb5b4f2
- SHA256: 6f59694cb2a4fe0af61f24b036ec7f901ed239f6d200cb9d684bccbf46b91c73
- SHA512: ed92766ced1e9161f9f5e994da2bc9c55bee39f0d74fbb6f6f48214aeada10f29e34220441d8eaa98afd39a51093a9193fa71bf1325ff4ddd77a2ba66099c83f
- SSDEEP: 12288:EMrey902IP9kIw4RS9BQ2ractbFex4I4+MPEkq4fvkB:qysPamEWCtbFuFQG4f8B
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.