General
Target: 483ad308d0b16ed016acdd351465655ec7907d8bf98e6716c1722486b938c853
Size: 538KB
Sample: 230324-k9bx9sdc95
MD5: 06b2a507ca0fa853dd4064a03a6e57e0
SHA1: 305d2383832a71b96f530841b4587c95b16a8c5a
SHA256: 483ad308d0b16ed016acdd351465655ec7907d8bf98e6716c1722486b938c853
SHA512: bc37838c313ec10167ebc2640f29c1dd638e4bc38d32eacaef7d4a3eec876853db94d4f61675733dc2acbde5f2657c74802a99df2a2441821675a9f36edb93c6
SSDEEP: 12288:EMrsy90Ob7F9bSTtGeqtc/M6kZnNSYexQI4+4izls5URVYkiHi5U:AyVvuTtat/zZNSYudDzlvTYkdS
Static task: static1
Behavioral task: behavioral1
Sample: 483ad308d0b16ed016acdd351465655ec7907d8bf98e6716c1722486b938c853.exe
Resource: win10-20230220-en
Malware Config
Extracted: redline
Botnet: down
C2: 193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted: redline
Botnet: hero
C2: 193.233.20.31:4125
auth_value: 11f3c75a88ca461bcc8d6bf60a1193e3
Targets
Target: 483ad308d0b16ed016acdd351465655ec7907d8bf98e6716c1722486b938c853
Size: 538KB
MD5: 06b2a507ca0fa853dd4064a03a6e57e0
SHA1: 305d2383832a71b96f530841b4587c95b16a8c5a
SHA256: 483ad308d0b16ed016acdd351465655ec7907d8bf98e6716c1722486b938c853
SHA512: bc37838c313ec10167ebc2640f29c1dd638e4bc38d32eacaef7d4a3eec876853db94d4f61675733dc2acbde5f2657c74802a99df2a2441821675a9f36edb93c6
SSDEEP: 12288:EMrsy90Ob7F9bSTtGeqtc/M6kZnNSYexQI4+4izls5URVYkiHi5U:AyVvuTtat/zZNSYudDzlvTYkdS
Signatures:
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.