General

Target: 99af1b670a380e17e6d4ab5a7d51fdf61de57cb445f5dcb15a4d3f5696419884
Size: 539KB
Sample: 230324-ldppxsfe41
MD5: 1ae3feafd253ef01bda3e5ed20d364e6
SHA1: 97ae6f4db5f1b44ca71063ea1c25e64dd52a9c9b
SHA256: 99af1b670a380e17e6d4ab5a7d51fdf61de57cb445f5dcb15a4d3f5696419884
SHA512: d9eaa76b2dc94569bbe5fcfc40725179bc829cd2ac5207ab6d5c75524c1ee057141403233570c5da4488d47293bff5fb0cd69610b3b1502fc9203d01e016df60
SSDEEP: 12288:TMrzy90JqWyysqXUfYZ2ZuLIYsxnI4+BNanfkYZuIAeyZ:YyCyMUM2ZEIYsyHafkYoIzyZ
Static task: static1
Behavioral task: behavioral1
Sample: 99af1b670a380e17e6d4ab5a7d51fdf61de57cb445f5dcb15a4d3f5696419884.exe
Resource: win10v2004-20230220-en
Malware Config

Two RedLine configurations were extracted from the sample. Both point at the same C2 endpoint but carry different botnet IDs and auth_values.

Extracted
Family: redline
Botnet: down
C2: 193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381

Extracted
Family: redline
Botnet: hero
C2: 193.233.20.31:4125
auth_value: 11f3c75a88ca461bcc8d6bf60a1193e3
Targets

Target: 99af1b670a380e17e6d4ab5a7d51fdf61de57cb445f5dcb15a4d3f5696419884
Size: 539KB

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application (persistence through a CurrentVersion\Run registry value)
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
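The checks below are an added example, not part of the Triage report and not RedLine code. They turn the report's findings (the extracted C2 193.233.20.31:4125 and the signatures "Executes dropped EXE", "Adds Run key to start application", "Checks installed software on the system" and "Accesses cryptocurrency files/wallets") into detection logic over a Win32 API-call trace of the kind a sandbox records. The trace record format (pid/api/args dicts), the file paths, the process IDs and the wallet directory names are constructed for illustration; only the C2 address and port come from the report.

```python
"""Behavioural checks over a constructed Win32 API trace.

Added example; it is not part of the Triage report and not RedLine code.
The trace record format (pid/api/args), the file paths and the wallet
directory names are constructed for illustration. The C2 endpoint is the
one from the report's extracted RedLine config.
"""
import re

C2_IP, C2_PORT = "193.233.20.31", 4125   # from the report's extracted RedLine config
GENERIC_WRITE, GENERIC_READ = 0x40000000, 0x80000000   # Win32 access masks

RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?(\\|$)", re.I)
UNINSTALL_KEY_RE = re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.I)
# Assumption: wallet directory names are illustrative, not taken from the report.
WALLET_RE = re.compile(r"\\(Exodus|Electrum|Ethereum|Bitcoin|Atomic|Armory)(\\|$)", re.I)

# Constructed trace: pid 1000 writes a PE to %TEMP% and runs it; the child
# (pid 1001) contacts the C2, persists through a Run value, enumerates the
# Uninstall key and opens a wallet file. The DNS connect is benign noise.
TRACE = [
    {"pid": 1000, "api": "CreateFileW",
     "args": {"path": r"C:\Users\alice\AppData\Local\Temp\IXP000.TMP\stage2.exe", "access": GENERIC_WRITE}},
    {"pid": 1000, "api": "CreateProcessW",
     "args": {"image": r"C:\Users\alice\AppData\Local\Temp\IXP000.TMP\stage2.exe"}},
    {"pid": 1001, "api": "connect", "args": {"ip": "193.233.20.31", "port": 4125}},
    {"pid": 1001, "api": "RegSetValueExW",
     "args": {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "value": "stage2"}},
    {"pid": 1001, "api": "RegOpenKeyExW",
     "args": {"key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"}},
    {"pid": 1001, "api": "RegEnumKeyExW",
     "args": {"key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"}},
    {"pid": 1001, "api": "CreateFileW",
     "args": {"path": r"C:\Users\alice\AppData\Roaming\Exodus\exodus.wallet\seed.seco", "access": GENERIC_READ}},
    {"pid": 1001, "api": "connect", "args": {"ip": "8.8.8.8", "port": 53}},
]


def dropped_executables(trace):
    """Images executed after the trace wrote them: the file write must precede the CreateProcessW."""
    written, hits = set(), []
    for ev in trace:
        a = ev["args"]
        if ev["api"] == "CreateFileW" and a.get("access", 0) & GENERIC_WRITE:
            written.add(a["path"].lower())
        elif ev["api"] == "CreateProcessW" and a["image"].lower() in written:
            hits.append(a["image"])
    return hits


def c2_connections(trace, ip=C2_IP, port=C2_PORT):
    """PIDs that connected to the C2 endpoint from the extracted config (IP and port must both match)."""
    return [ev["pid"] for ev in trace
            if ev["api"] == "connect" and ev["args"]["ip"] == ip and ev["args"]["port"] == port]


def run_key_writes(trace):
    """Values written under a CurrentVersion\\Run or RunOnce key (persistence)."""
    return [ev["args"]["key"] + "\\" + ev["args"]["value"] for ev in trace
            if ev["api"] == "RegSetValueExW" and RUN_KEY_RE.search(ev["args"]["key"])]


def uninstall_enumeration(trace):
    """Uninstall keys opened or enumerated (installed-software discovery)."""
    return sorted({ev["args"]["key"] for ev in trace
                   if ev["api"] in ("RegOpenKeyExW", "RegEnumKeyExW")
                   and UNINSTALL_KEY_RE.search(ev["args"]["key"])})


def wallet_access(trace):
    """Files opened under a known wallet directory."""
    return [ev["args"]["path"] for ev in trace
            if ev["api"] == "CreateFileW" and WALLET_RE.search(ev["args"]["path"])]


def triage(trace):
    """Map the report's signature names to the evidence found; an empty list means not triggered."""
    return {
        "Executes dropped EXE": dropped_executables(trace),
        "Connects to RedLine C2 (extracted config)": c2_connections(trace),
        "Adds Run key to start application": run_key_writes(trace),
        "Checks installed software on the system": uninstall_enumeration(trace),
        "Accesses cryptocurrency files/wallets": wallet_access(trace),
    }


if __name__ == "__main__":
    for name, evidence in triage(TRACE).items():
        print(f"[{'x' if evidence else ' '}] {name}: {evidence}")
```

The dropped-EXE check is order-sensitive on purpose: a process image that appears in a CreateProcessW before any write to that path is not counted, which keeps ordinary program launches out of the result. The C2 check requires both the IP and the port from the extracted config to match, so the DNS connect in the trace is ignored.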