General
- Target: 9d1aac054061e71fdff23fac0177591cdbdba090e6a2da84f739f8944b58b5f0
- Size: 540KB
- Sample: 230324-l1v58aff7x
- MD5: 657ea82dd48050752a448696c6965a2e
- SHA1: d4bedd808bd181ea17bb477414843bbf19c262ec
- SHA256: 9d1aac054061e71fdff23fac0177591cdbdba090e6a2da84f739f8944b58b5f0
- SHA512: 8b5199b4c861f9b7d9bb06ec8eef4845545ac8b3001b929c86b679e40540d6c46b61ac6fc196eddf1148e3ff8903d538d09327748d859f10ac7c1d13a6b46305
- SSDEEP: 12288:jMrKy904W5RcIja3nYTxLI4+SM1t9IyWC+8gD:hy8jqnYN2jbKK+3
Static task: static1
Behavioral task: behavioral1
Sample: 9d1aac054061e71fdff23fac0177591cdbdba090e6a2da84f739f8944b58b5f0.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline (down) 193.233.20.31:4125
- auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted: redline (hero) 193.233.20.31:4125
- auth_value: 11f3c75a88ca461bcc8d6bf60a1193e3
Targets
- Target: 9d1aac054061e71fdff23fac0177591cdbdba090e6a2da84f739f8944b58b5f0
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.