General

Target: 2f0c3a522541f62e671706f8fe7ed3afe63f796159ef5dfab56704a2943c7829
Size: 680KB
Sample: 230324-l2frxsff71
MD5: efb812c36ab59e8cf05a3dac674610a2
SHA1: e68986e254b172aa94db3e09aba47eb927d384e8
SHA256: 2f0c3a522541f62e671706f8fe7ed3afe63f796159ef5dfab56704a2943c7829
SHA512: cf592d6425b26db34aa93b3a13d484b6d6f3af07788667ed45933f771bd504858f7f466ad1c1ec56f54493f581e135c4a5a13ec93ef351b45120e9c2e1cb4134
SSDEEP: 12288:Yd898Pwj8PtYzZcDw15fuFlAGHroV43S3OSWGAozw2XeSeTRn:YT08PtIsuup4IO6oz5VC1

Static task: static1

Behavioral task: behavioral1
Sample: 2f0c3a522541f62e671706f8fe7ed3afe63f796159ef5dfab56704a2943c7829.exe
Resource: win10v2004-20230220-en

Malware Config

Extracted: redline
Botnet: down
C2: 193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381

Extracted: redline
Botnet: hero
C2: 193.233.20.31:4125
auth_value: 11f3c75a88ca461bcc8d6bf60a1193e3

Targets

Target: 2f0c3a522541f62e671706f8fe7ed3afe63f796159ef5dfab56704a2943c7829
Size: 680KB
MD5: efb812c36ab59e8cf05a3dac674610a2
SHA1: e68986e254b172aa94db3e09aba47eb927d384e8
SHA256: 2f0c3a522541f62e671706f8fe7ed3afe63f796159ef5dfab56704a2943c7829
SHA512: cf592d6425b26db34aa93b3a13d484b6d6f3af07788667ed45933f771bd504858f7f466ad1c1ec56f54493f581e135c4a5a13ec93ef351b45120e9c2e1cb4134
SSDEEP: 12288:Yd898Pwj8PtYzZcDw15fuFlAGHroV43S3OSWGAozw2XeSeTRn:YT08PtIsuup4IO6oz5VC1

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.