General
-
Target
e810d809bdc90e9543174cad92c3317177848e0730b7df4ab9450b6756f979ec
-
Size
539KB
-
Sample
230324-lent1sfe51
-
MD5
6738d61888cebdac54c6d682ca57f67f
-
SHA1
3f4ffd45e40dfa5ba94d1745f9ffb423bece5e0f
-
SHA256
e810d809bdc90e9543174cad92c3317177848e0730b7df4ab9450b6756f979ec
-
SHA512
abcc44452e7c1657488d8936a4d8ddac63187157c7a2535544674d329fa6419297ad30bf4da9a50174493533c1016568023a3fb3e69007ab0be5564698d56600
-
SSDEEP
12288:TMrry90qT5LYIMkFitETTYtIlmZnYFYuxoI4+wtjlVg2tZLsEdOlb:syx59FiltIlmZYFYeVwjlVJVdOlb
Static task
static1
Behavioral task
behavioral1
Sample
e810d809bdc90e9543174cad92c3317177848e0730b7df4ab9450b6756f979ec.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
down
193.233.20.31:4125
-
auth_value
12c31a90c72f5efae8c053a0bd339381
Extracted
redline
hero
193.233.20.31:4125
-
auth_value
11f3c75a88ca461bcc8d6bf60a1193e3
Targets
-
-
Target
e810d809bdc90e9543174cad92c3317177848e0730b7df4ab9450b6756f979ec
-
Size
539KB
-
MD5
6738d61888cebdac54c6d682ca57f67f
-
SHA1
3f4ffd45e40dfa5ba94d1745f9ffb423bece5e0f
-
SHA256
e810d809bdc90e9543174cad92c3317177848e0730b7df4ab9450b6756f979ec
-
SHA512
abcc44452e7c1657488d8936a4d8ddac63187157c7a2535544674d329fa6419297ad30bf4da9a50174493533c1016568023a3fb3e69007ab0be5564698d56600
-
SSDEEP
12288:TMrry90qT5LYIMkFitETTYtIlmZnYFYuxoI4+wtjlVg2tZLsEdOlb:syx59FiltIlmZYFYeVwjlVJVdOlb
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-