General

Target: c4e24c81be66682868cbfecfe0f69c395f5798ebf259564f7c0f3519623abf1e
Size: 539KB
Sample: 230324-l8t8wsfg2t
MD5: 2538e7f116b0db4b7c9559c3fae07f03
SHA1: e659b55aa5266bbbbdb288bd3500933a9c9f8281
SHA256: c4e24c81be66682868cbfecfe0f69c395f5798ebf259564f7c0f3519623abf1e
SHA512: 8f9c70de11b534f1adbd63e751db2b0512404bef7c74b922ad0977b233153c4a9797be86ac717e8664d9767dab1ad196b6f120a1d95e66a8a340526562ef1f88
SSDEEP: 12288:BMr0y90YBtBvAT8DZJ8Ogz0/6Yxx5I4+Fs1tXWQW7n/Pf:NyPHle1Ogz66YzQK1tmQgH
Static task: static1
Behavioral task: behavioral1
Sample: c4e24c81be66682868cbfecfe0f69c395f5798ebf259564f7c0f3519623abf1e.exe
Resource: win10v2004-20230220-en
Malware Config

Extracted
Family: redline
Botnet: down
C2: 193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381

Extracted
Family: redline
Botnet: hero
C2: 193.233.20.31:4125
auth_value: 11f3c75a88ca461bcc8d6bf60a1193e3
Targets

Target: c4e24c81be66682868cbfecfe0f69c395f5798ebf259564f7c0f3519623abf1e
Size: 539KB
MD5: 2538e7f116b0db4b7c9559c3fae07f03
SHA1: e659b55aa5266bbbbdb288bd3500933a9c9f8281
SHA256: c4e24c81be66682868cbfecfe0f69c395f5798ebf259564f7c0f3519623abf1e
SHA512: 8f9c70de11b534f1adbd63e751db2b0512404bef7c74b922ad0977b233153c4a9797be86ac717e8664d9767dab1ad196b6f120a1d95e66a8a340526562ef1f88
SSDEEP: 12288:BMr0y90YBtBvAT8DZJ8Ogz0/6Yxx5I4+Fs1tXWQW7n/Pf:NyPHle1Ogz66YzQK1tmQgH
Signatures

- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
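The extracted configuration and the Run-key signature above are the two pieces of this report a detection engineer would turn into rules. The following is an added example, not part of the sandbox report or of any tooling the report describes: it transcribes the two Extracted blocks as key: value text, parses them into IOCs (C2 host and port, botnet ID, auth_value), and matches those IOCs plus a Run/RunOnce write pattern against a handful of constructed Sysmon-style events. The events, the dropped-file path, the user SID and the benign destination address are made up for illustration; only the C2 address, botnet names and auth_values come from the report.

```python
"""Added example: RedLine IOCs from the report's extracted config, run as a
detection over constructed Sysmon-style events (not code from the report)."""
import re
from typing import Dict, List, Tuple

# The two "Extracted" blocks from the report, transcribed as key: value pairs.
REPORT_CONFIG = """\
Family: redline
Botnet: down
C2: 193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381

Family: redline
Botnet: hero
C2: 193.233.20.31:4125
auth_value: 11f3c75a88ca461bcc8d6bf60a1193e3
"""

HEX32 = re.compile(r"^[0-9a-f]{32}$")
# Sysmon Event ID 13 (registry value set) carries the written key path in TargetObject;
# a write under Run or RunOnce (HKLM or the user's HKU hive) is the persistence the report flags.
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)


def parse_redline_configs(text: str) -> List[Dict[str, object]]:
    """One dict per blank-line-separated block; the C2 field is split into host and port."""
    configs: List[Dict[str, object]] = []
    for block in re.split(r"\n\s*\n", text.strip()):
        cfg: Dict[str, object] = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")  # first colon only: "C2: host:port" keeps the port
            cfg[key.strip().lower()] = value.strip()
        host, _, port = str(cfg.pop("c2")).rpartition(":")
        cfg["c2_host"], cfg["c2_port"] = host, int(port)
        # RedLine auth_value is a 32-hex-digit token; anything else means a mis-parsed block.
        if not HEX32.match(str(cfg.get("auth_value", ""))):
            raise ValueError(f"unexpected auth_value in block: {cfg!r}")
        configs.append(cfg)
    return configs


# Constructed Sysmon-style events. Field names follow Sysmon's schema; every value
# except the C2 address is a placeholder (path, SID and benign IP are not from the report).
DROPPED = r"C:\Users\victim\AppData\Local\Temp\dropped.exe"
SAMPLE_EVENTS: List[Dict[str, object]] = [
    {"EventID": 3, "Image": DROPPED,
     "DestinationIp": "193.233.20.31", "DestinationPort": "4125"},
    {"EventID": 13, "Image": DROPPED,
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\dropped",
     "Details": DROPPED},
    {"EventID": 3, "Image": r"C:\Windows\System32\svchost.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": "443"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]


def detect(events: List[Dict[str, object]],
           configs: List[Dict[str, object]]) -> List[Tuple[str, str]]:
    """Return (rule, image) pairs: network connects to a configured C2 and Run-key writes."""
    c2 = {(c["c2_host"], c["c2_port"]) for c in configs}
    alerts: List[Tuple[str, str]] = []
    for ev in events:
        eid = ev.get("EventID")
        # Sysmon emits DestinationPort as text in XML; normalise before comparing.
        if eid == 3 and (ev.get("DestinationIp"), int(str(ev.get("DestinationPort", 0)))) in c2:
            alerts.append(("redline_c2_connection", str(ev["Image"])))
        elif eid == 13 and RUN_KEY.search(str(ev.get("TargetObject", ""))):
            alerts.append(("run_key_persistence", str(ev["Image"])))
    return alerts


if __name__ == "__main__":
    cfgs = parse_redline_configs(REPORT_CONFIG)
    for c in cfgs:
        print(f"{c['family']} botnet={c['botnet']} c2={c['c2_host']}:{c['c2_port']} auth={c['auth_value']}")
    for rule, image in detect(SAMPLE_EVENTS, cfgs):
        print(f"ALERT {rule}: {image}")
```

Both configs share one C2 endpoint, so the network rule collapses to a single host:port pair; the botnet ID and auth_value are what distinguish the two builds and are worth keeping as campaign tags rather than match keys. The "Checks installed software" signature is not modelled here because it is a registry read of the Uninstall keys, and Sysmon records registry writes and key creation, not reads; catching that behaviour needs an API-level or sandbox trace.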