General
- Target: d68363d7fad1605a6e4db53384ff5b0c21108515b79ff68d7bd4c85958549cb3
- Size: 539KB
- Sample: 230324-l3j6qsff8w
- MD5: 3517672cb9bc9b013209e057e92189c0
- SHA1: 35b1f44bbe53b2067d1e7e0a32a3bbe620f50e75
- SHA256: d68363d7fad1605a6e4db53384ff5b0c21108515b79ff68d7bd4c85958549cb3
- SHA512: 866299899f579cca2e7250e90f77ac6470617f34bfb308c2f8a68adc460cb4aad59df6e9b91d6cc7bc7d6a24080b280ca5be70d2a922064265c895e3a5847004
- SSDEEP: 12288:EMrQy90+I99Ak6PQ8zRRbiz0WXYexYI4+5GDvFUMM5HyLbER/H:syPIsFQxzbXYulQDSHyLbo
- Static task: static1
- Behavioral task: behavioral1
- Sample: d68363d7fad1605a6e4db53384ff5b0c21108515b79ff68d7bd4c85958549cb3.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted
- Family: redline
- Botnet: down
- C2: 193.233.20.31:4125
- auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted
- Family: redline
- Botnet: hero
- C2: 193.233.20.31:4125
- auth_value: 11f3c75a88ca461bcc8d6bf60a1193e3
Targets
- Target: d68363d7fad1605a6e4db53384ff5b0c21108515b79ff68d7bd4c85958549cb3
- Size: 539KB
- MD5: 3517672cb9bc9b013209e057e92189c0
- SHA1: 35b1f44bbe53b2067d1e7e0a32a3bbe620f50e75
- SHA256: d68363d7fad1605a6e4db53384ff5b0c21108515b79ff68d7bd4c85958549cb3
- SHA512: 866299899f579cca2e7250e90f77ac6470617f34bfb308c2f8a68adc460cb4aad59df6e9b91d6cc7bc7d6a24080b280ca5be70d2a922064265c895e3a5847004
- SSDEEP: 12288:EMrQy90+I99Ak6PQ8zRRbiz0WXYexYI4+5GDvFUMM5HyLbER/H:syPIsFQxzbXYulQDSHyLbo
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.