General
-
Target
43969c35ffd02a1e8e0e52017556431dad6782b98eab2101434028d1abfc7954
-
Size
539KB
-
Sample
230324-k42azadc69
-
MD5
8a4743e5f05b4d6cb48478014cb66b84
-
SHA1
61a8224bac9f17c2836169955b6bb4d6e46f2653
-
SHA256
43969c35ffd02a1e8e0e52017556431dad6782b98eab2101434028d1abfc7954
-
SHA512
5426681b285af7e0e1bd729a7f243077c2758fae5fd93a09dd03ec5af47572b817eb5497a2da13449461d4bb0b4f95b1fe1b0ff592bd167c83fb4305d79ef0ff
-
SSDEEP
12288:fMriy90zEEnfIG7hsRohi5khp1QYlxEI4+yH5/G/2:lyuEIwG72Roo5khvQYHBc5J
Static task
static1
Behavioral task
behavioral1
Sample
43969c35ffd02a1e8e0e52017556431dad6782b98eab2101434028d1abfc7954.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
down
193.233.20.31:4125
-
auth_value
12c31a90c72f5efae8c053a0bd339381
Extracted
redline
hero
193.233.20.31:4125
-
auth_value
11f3c75a88ca461bcc8d6bf60a1193e3
Targets
-
-
Target
43969c35ffd02a1e8e0e52017556431dad6782b98eab2101434028d1abfc7954
-
Size
539KB
-
MD5
8a4743e5f05b4d6cb48478014cb66b84
-
SHA1
61a8224bac9f17c2836169955b6bb4d6e46f2653
-
SHA256
43969c35ffd02a1e8e0e52017556431dad6782b98eab2101434028d1abfc7954
-
SHA512
5426681b285af7e0e1bd729a7f243077c2758fae5fd93a09dd03ec5af47572b817eb5497a2da13449461d4bb0b4f95b1fe1b0ff592bd167c83fb4305d79ef0ff
-
SSDEEP
12288:fMriy90zEEnfIG7hsRohi5khp1QYlxEI4+yH5/G/2:lyuEIwG72Roo5khvQYHBc5J
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-