General

- Target: 09eb6c5763deb468f63c53c47e7f5c64a5fcfa88ac7e3b17fbdb51f6966041b1
- Size: 539KB
- Sample: 230324-lk1qrsdd57
- MD5: bcbb1fe9e85813fcf5c3c27f5131d99d
- SHA1: 3b1bebcefd2d3ecf2e913369288853a1b3018490
- SHA256: 09eb6c5763deb468f63c53c47e7f5c64a5fcfa88ac7e3b17fbdb51f6966041b1
- SHA512: 3c8a87d8834c1a65b5cb9c6526c6836bca88eb40da7302665425950caa392604c27c9e1a199302d9d775766741f043b2d78e07b61e766c986f6176f544d34787
- SSDEEP: 12288:iMr6y9069lOnh/+N69dG2nmGvYnxvI4+ila+bK6h4:cy19WhmNaG2ndvYx6qamJ4
- Static task: static1
- Behavioral task: behavioral1
- Sample: 09eb6c5763deb468f63c53c47e7f5c64a5fcfa88ac7e3b17fbdb51f6966041b1.exe
- Resource: win10-20230220-en
Malware Config

Extracted
- Family: redline
- Botnet: down
- C2: 193.233.20.31:4125
- auth_value: 12c31a90c72f5efae8c053a0bd339381

Extracted
- Family: redline
- Botnet: hero
- C2: 193.233.20.31:4125
- auth_value: 11f3c75a88ca461bcc8d6bf60a1193e3
Targets

- Target: 09eb6c5763deb468f63c53c47e7f5c64a5fcfa88ac7e3b17fbdb51f6966041b1
- RedLine
  RedLine Stealer is a .NET information stealer written in C#, first observed in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
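The extracted config and the behaviour signatures above are enough to build first-pass detection content. The following Python is an added example, not part of the sandbox report or of RedLine itself: it takes the two extracted configs (C2, botnet ID and auth_value are copied from the report), emits a Suricata rule per unique C2 endpoint, and runs the Run-key, dropped-EXE and C2 signals over a handful of constructed Sysmon-style events. The event records, process IDs, file paths, the Temp-directory heuristic and the rule SIDs are assumptions made for the example.

```python
"""Turn the RedLine config and signatures above into detection content.

Added example, not from the sandbox report or the RedLine project. The C2,
botnet IDs and auth_values are copied from the report; the Sysmon-style
events, PIDs, paths and SIDs below are constructed for illustration.
"""
from collections import namedtuple

Config = namedtuple("Config", "family botnet c2 auth_value")

# Copied from the "Malware Config" section of the report above.
EXTRACTED_CONFIGS = [
    Config("redline", "down", "193.233.20.31:4125", "12c31a90c72f5efae8c053a0bd339381"),
    Config("redline", "hero", "193.233.20.31:4125", "11f3c75a88ca461bcc8d6bf60a1193e3"),
]

# Substring that identifies a write under a ...\CurrentVersion\Run\ key (any hive).
RUN_KEY_MARKER = "\\currentversion\\run\\"

# Constructed Sysmon-style events: 1 = process create, 3 = network connect,
# 13 = registry value set. PID 4120 is the (assumed) RedLine process.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 4120,
     "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\dropped.exe",
     "ParentImage": "C:\\Users\\user\\Desktop\\sample.exe"},
    {"EventID": 13, "ProcessId": 4120, "EventType": "SetValue",
     "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
     "Details": "C:\\Users\\user\\AppData\\Local\\Temp\\dropped.exe"},
    {"EventID": 3, "ProcessId": 4120, "DestinationIp": "193.233.20.31", "DestinationPort": 4125},
    # Benign noise: a browser talking to some web service, and an Explorer setting change.
    {"EventID": 3, "ProcessId": 700, "DestinationIp": "13.107.4.50", "DestinationPort": 443},
    {"EventID": 13, "ProcessId": 1234, "EventType": "SetValue",
     "TargetObject": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
     "Details": "DWORD (0x00000001)"},
]


def c2_endpoints(configs):
    """Unique (ip, port) pairs in config order; both configs above share one C2."""
    seen = []
    for cfg in configs:
        ip, port = cfg.c2.rsplit(":", 1)
        pair = (ip, int(port))
        if pair not in seen:
            seen.append(pair)
    return seen


def suricata_rules(configs, sid_base=9000001):
    """One Suricata alert per unique C2 endpoint. SIDs are local (assumed) values."""
    rules = []
    for i, (ip, port) in enumerate(c2_endpoints(configs)):
        rules.append(
            'alert tcp $HOME_NET any -> %s %d (msg:"RedLine Stealer C2 connection"; '
            'flow:to_server; classtype:trojan-activity; sid:%d; rev:1;)'
            % (ip, port, sid_base + i)
        )
    return rules


def detect(events, configs):
    """Map events to the report's signatures; returns (pid, signature) pairs."""
    c2 = set(c2_endpoints(configs))
    hits = []
    for ev in events:
        pid = ev["ProcessId"]
        if ev["EventID"] == 13 and RUN_KEY_MARKER in ev["TargetObject"].lower():
            hits.append((pid, "Adds Run key to start application"))
        elif ev["EventID"] == 3 and (ev["DestinationIp"], ev["DestinationPort"]) in c2:
            hits.append((pid, "RedLine C2 connection"))
        elif ev["EventID"] == 1 and "\\appdata\\local\\temp\\" in ev["Image"].lower():
            # Heuristic (assumption): an EXE launched out of Temp is a dropped payload.
            hits.append((pid, "Executes dropped EXE"))
    return hits


def correlate(hits):
    """PIDs that both persisted via a Run key and reached the C2: high confidence."""
    by_pid = {}
    for pid, sig in hits:
        by_pid.setdefault(pid, set()).add(sig)
    wanted = {"Adds Run key to start application", "RedLine C2 connection"}
    return sorted(pid for pid, sigs in by_pid.items() if wanted <= sigs)


if __name__ == "__main__":
    for rule in suricata_rules(EXTRACTED_CONFIGS):
        print(rule)
    found = detect(SAMPLE_EVENTS, EXTRACTED_CONFIGS)
    for pid, sig in found:
        print(pid, sig)
    print("infected PIDs:", correlate(found))
```

Both configs share one C2, so deduplication yields a single network rule. It keys on IP and port only, because nothing else in the extracted config is guaranteed to appear on the wire; pair it with the host-side Run-key write so that a reassigned IP alone does not page anyone. Sysmon records registry writes but not reads, so the "Checks installed software" signature (Uninstall-key enumeration) has no counterpart in this telemetry; that behaviour is only observable in a sandbox or with API-level tracing.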