General

Target: abe6a8fc168e283ee8f0c4aee0c5f6a472d1579aa9c4d85049d4318a49150c44
Size: 680KB
Sample: 230324-leb58afe5x
MD5: 35e898e26899c737968e23d1d6ad8386
SHA1: ed323bd4289ed0c2a682a1f34251f6f696c0b923
SHA256: abe6a8fc168e283ee8f0c4aee0c5f6a472d1579aa9c4d85049d4318a49150c44
SHA512: c216464c97be4f9bf91c86e3f5f300bdc17f679a2933cad14258b6a7b9ba935084580502517ea51eba0151fabf896b70832b7a3c6b6203b947f68a740bb33c6e
SSDEEP: 12288:4d898Pwj8PtYzZcDw15fuFlAGHroV43S3OSWGAozw2XeSeTRn:4T08PtIsuup4IO6oz5VC1

Static task: static1
Behavioral task: behavioral1
Sample: abe6a8fc168e283ee8f0c4aee0c5f6a472d1579aa9c4d85049d4318a49150c44.exe
Resource: win10v2004-20230220-en
Malware Config

Extracted
Family: redline
Botnet: down
C2: 193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381

Extracted
Family: redline
Botnet: hero
C2: 193.233.20.31:4125
auth_value: 11f3c75a88ca461bcc8d6bf60a1193e3
Targets

Target: abe6a8fc168e283ee8f0c4aee0c5f6a472d1579aa9c4d85049d4318a49150c44
Size: 680KB
(hashes as listed under General above)

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
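The report above gives a practitioner three things to hunt for: the sample hashes, the extracted C2 endpoint (193.233.20.31:4125, shared by both botnet configs) and the Run-key persistence behaviour. The following is an added example, not part of the sandbox report or of any RedLine tooling, that turns those into a small IOC set and runs it over Sysmon-style telemetry. The event lines are constructed for the example; the JSON field names follow Sysmon event IDs 1 (process create), 3 (network connect) and 13 (registry value set), but the JSON-lines log format, the rule names and the "user-writable path" heuristic for Run-key hits are assumptions of this example.

```python
"""Match the report's RedLine IOCs against constructed Sysmon-style JSON events.
Added example; field names mimic Sysmon but the log format itself is assumed."""
import json

# IOCs taken from the report above.
SAMPLE_SHA256 = "abe6a8fc168e283ee8f0c4aee0c5f6a472d1579aa9c4d85049d4318a49150c44"
SAMPLE_MD5 = "35e898e26899c737968e23d1d6ad8386"
REDLINE_CONFIGS = [
    {"botnet": "down", "c2": "193.233.20.31:4125", "auth_value": "12c31a90c72f5efae8c053a0bd339381"},
    {"botnet": "hero", "c2": "193.233.20.31:4125", "auth_value": "11f3c75a88ca461bcc8d6bf60a1193e3"},
]

# Registry paths that give autostart; matched as lowercase substrings.
RUN_KEYS = (
    "\\software\\microsoft\\windows\\currentversion\\run\\",
    "\\software\\microsoft\\windows\\currentversion\\runonce\\",
)
# Heuristic (assumed): a Run value pointing into these locations is suspicious.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")


def c2_endpoints(configs):
    """Return the set of (ip, port) C2 endpoints from the extracted configs."""
    out = set()
    for cfg in configs:
        host, _, port = cfg["c2"].rpartition(":")
        out.add((host, int(port)))
    return out


def match_event(event, c2s, hashes):
    """Return a list of (rule, detail) hits for one Sysmon-style event dict."""
    hits = []
    eid = event.get("EventID")
    if eid == 1:
        # Sysmon stores hashes as "MD5=...,SHA256=..."; compare case-insensitively.
        for part in event.get("Hashes", "").split(","):
            algo, _, value = part.partition("=")
            if value.lower() in hashes:
                hits.append(("known_sample_hash", f"{algo}={value}"))
    elif eid == 3:
        # Network connection to the extracted C2 host:port (same host on another port is not a hit).
        key = (event.get("DestinationIp"), int(event.get("DestinationPort", 0)))
        if key in c2s:
            hits.append(("redline_c2_connect", "%s:%d" % key))
    elif eid == 13:
        # "Adds Run key to start application": a Run/RunOnce value whose data
        # points at a user-writable location.
        target = event.get("TargetObject", "").lower()
        details = event.get("Details", "")
        if any(k in target for k in RUN_KEYS) and any(p in details.lower() for p in USER_WRITABLE):
            hits.append(("run_key_persistence", details))
    return hits


def scan(lines, configs=REDLINE_CONFIGS):
    """Scan JSON-lines telemetry; returns [(EventID, rule, detail), ...]."""
    c2s = c2_endpoints(configs)
    hashes = {SAMPLE_SHA256, SAMPLE_MD5}
    findings = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # malformed line: skip it rather than abort the whole scan
        for rule, detail in match_event(ev, c2s, hashes):
            findings.append((ev.get("EventID"), rule, detail))
    return findings


# Constructed sample telemetry (not real logs).
SAMPLE_EVENTS = [
    json.dumps({"EventID": 1, "Image": "C:\\Users\\victim\\Downloads\\invoice.exe",
                "Hashes": "MD5=35E898E26899C737968E23D1D6AD8386,SHA256=" + SAMPLE_SHA256.upper()}),
    json.dumps({"EventID": 13,
                "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater",
                "Details": "C:\\Users\\victim\\AppData\\Roaming\\updater.exe"}),
    json.dumps({"EventID": 3, "DestinationIp": "193.233.20.31", "DestinationPort": 4125}),
    json.dumps({"EventID": 3, "DestinationIp": "193.233.20.31", "DestinationPort": 443}),
    json.dumps({"EventID": 13,
                "TargetObject": "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\SecurityHealth",
                "Details": "C:\\Windows\\System32\\SecurityHealthSystray.exe"}),
    "not json",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

The auth_value fields are carried in the config but not matched: they travel inside RedLine's C2 traffic, so they are useful for tagging a captured sample or network payload to a botnet, not for endpoint telemetry like the above.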