General
- Target: 40a5d2004a3e94bed03f0d0b05e1f37dda638fbfbd865f3a87e96be66538fc76
- Size: 539KB
- Sample: 230324-m7e81sdh24
- MD5: 938f04b86a72fde9b48bfc63771a2bf3
- SHA1: 7c12e47f94ab6572d311b20c7ed4eed9e65e6685
- SHA256: 40a5d2004a3e94bed03f0d0b05e1f37dda638fbfbd865f3a87e96be66538fc76
- SHA512: 4bbd8b2acf2915cf9049c601b9b0c48eb827b5376cc887838b06daf73322fb3075d56015e8ed91b5bc0813071df20667525618672ef72fb155de09dd6994576f
- SSDEEP: 12288:UMrRy90V/CJdr6xHLuUNjzPgssYaEG3W3XDMgeGi:ly5zCruOjzPc5RWHnI

Static task: static1

Behavioral task: behavioral1
- Sample: 40a5d2004a3e94bed03f0d0b05e1f37dda638fbfbd865f3a87e96be66538fc76.exe
- Resource: win10v2004-20230220-en

Malware Config
Extracted: redline
- Botnet: down
- C2: 193.233.20.31:4125
- auth_value: 12c31a90c72f5efae8c053a0bd339381

Extracted: redline
- Botnet: goga
- C2: 193.233.20.31:4125
- auth_value: d23290cf37dcc5419576040359a72599

Targets
- Target: 40a5d2004a3e94bed03f0d0b05e1f37dda638fbfbd865f3a87e96be66538fc76
- Size: 539KB
- MD5: 938f04b86a72fde9b48bfc63771a2bf3
- SHA1: 7c12e47f94ab6572d311b20c7ed4eed9e65e6685
- SHA256: 40a5d2004a3e94bed03f0d0b05e1f37dda638fbfbd865f3a87e96be66538fc76
- SHA512: 4bbd8b2acf2915cf9049c601b9b0c48eb827b5376cc887838b06daf73322fb3075d56015e8ed91b5bc0813071df20667525618672ef72fb155de09dd6994576f
- SSDEEP: 12288:UMrRy90V/CJdr6xHLuUNjzPgssYaEG3W3XDMgeGi:ly5zCruOjzPc5RWHnI

Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.