General
Target: 16258d61c0894fc6bd00e3b3a5862ab3923b5c4f0eb37f1c89c4035d46750a45
Size: 538KB
Sample: 230324-k5s1zsdc76
MD5: 4b0326d48593517a8a18b63ada42492d
SHA1: 01b5d574f68da8f60081a8dc80fe141103d3b64a
SHA256: 16258d61c0894fc6bd00e3b3a5862ab3923b5c4f0eb37f1c89c4035d46750a45
SHA512: 806205fb024a5eed4c42e5a558bac4178f16d4867c7134020cc7b6be9d703a0671aa69e080db2463436552997344d84056880c9e9338d2c756208d5b81ce8f79
SSDEEP: 12288:XMrAy90BnYszHr4YIxxI4+19LBQ/y/3rLwVfT3:HyCYszL4YYIL57E7
Static task: static1
Behavioral task: behavioral1
Sample: 16258d61c0894fc6bd00e3b3a5862ab3923b5c4f0eb37f1c89c4035d46750a45.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: down
C2: 193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted
Family: redline
Botnet: hero
C2: 193.233.20.31:4125
auth_value: 11f3c75a88ca461bcc8d6bf60a1193e3
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.