General
-
Target
35830c0d15da8524a5cebaef9c23f1b4b812ccd16abc4ef22ffbca5bce0dd2ca
-
Size
539KB
-
Sample
230324-ke8zhsfc6z
-
MD5
a5937f0dc1334b05b108cbf2c97a6b5f
-
SHA1
d3cfb3cfd630d9f2cec54cfa38cea9be765fa04e
-
SHA256
35830c0d15da8524a5cebaef9c23f1b4b812ccd16abc4ef22ffbca5bce0dd2ca
-
SHA512
fd44829050c5cb9f9df1016bfe9c060ac0f32a42a0815070340b44dc7bb2457554399fdfebf31740ab825788850d758833dbdd9d281564b4cd55887cd7d16712
-
SSDEEP
12288:CMrGy90bJ3AjHcbvrIjuQfoYZYox4I4+3Uo9lWZsup8U:oyubDISQfRZY4FkelWQU
Static task
static1
Behavioral task
behavioral1
Sample
35830c0d15da8524a5cebaef9c23f1b4b812ccd16abc4ef22ffbca5bce0dd2ca.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
down
193.233.20.31:4125
-
auth_value
12c31a90c72f5efae8c053a0bd339381
Extracted
redline
hero
193.233.20.31:4125
-
auth_value
11f3c75a88ca461bcc8d6bf60a1193e3
Targets
-
-
Target
35830c0d15da8524a5cebaef9c23f1b4b812ccd16abc4ef22ffbca5bce0dd2ca
-
Size
539KB
-
MD5
a5937f0dc1334b05b108cbf2c97a6b5f
-
SHA1
d3cfb3cfd630d9f2cec54cfa38cea9be765fa04e
-
SHA256
35830c0d15da8524a5cebaef9c23f1b4b812ccd16abc4ef22ffbca5bce0dd2ca
-
SHA512
fd44829050c5cb9f9df1016bfe9c060ac0f32a42a0815070340b44dc7bb2457554399fdfebf31740ab825788850d758833dbdd9d281564b4cd55887cd7d16712
-
SSDEEP
12288:CMrGy90bJ3AjHcbvrIjuQfoYZYox4I4+3Uo9lWZsup8U:oyubDISQfRZY4FkelWQU
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-