General
Target: 42d72bed17a0641c4f0bad8e200e82f4b016b029e7aed1d4c634aad7da1ae9f6
Size: 538KB
Sample: 230324-madnxsdf27
MD5: b01efde9960a5f65e718f6cad76dedd0
SHA1: b6c525f6e5630ae4aabc7790836f37bae31fb609
SHA256: 42d72bed17a0641c4f0bad8e200e82f4b016b029e7aed1d4c634aad7da1ae9f6
SHA512: a5590155e8873bcf251dff97c7e515692194359956b562a831ccb55cde4a74d42d2b38088a7dd0e49d8df1d5d10409efab27b6128e0f928f845188a0104d080c
SSDEEP: 12288:DMrTy90/1vrjjWupydeqSe6ciCB+DsPoDYdxJI4+QWlxL4JWl0D+3bMe:oyuh/aPrPEaiYPATv4Jw0+P
Static task: static1
Behavioral task: behavioral1
Sample: 42d72bed17a0641c4f0bad8e200e82f4b016b029e7aed1d4c634aad7da1ae9f6.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: down
C2: 193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted
Family: redline
Botnet: bolt
C2: 193.233.20.31:4125
auth_value: 29540c7bf0277243e2faf6601e15a754
Targets
Target: 42d72bed17a0641c4f0bad8e200e82f4b016b029e7aed1d4c634aad7da1ae9f6
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
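The script below is an added example, not part of the sandbox report and not code from the RedLine sample. It turns the report's indicators (the SHA256 and the shared C2 endpoint 193.233.20.31:4125 from both extracted configs) and the two registry behaviours in the signature list (Run key persistence, Uninstall key enumeration) into checks that run over constructed, flattened Sysmon/procmon-style log lines. The `kind key="value"` log format, the process paths and pids, the benign 203.0.113.10 endpoint and the five-subkey enumeration threshold are all assumptions made for the example. Note that Sysmon records registry writes but not reads, so the `reg_query` records assume an ETW or procmon style source; the auth_value strings are kept only because they identify the two extracted configs and are not expected in host telemetry.

```python
# Added example (not from the sandbox report or the RedLine sample): host/network
# triage checks built from the report's IOCs and behavioural signatures.
import re
from collections import Counter
from dataclasses import dataclass

# IOCs copied from the report above.
SAMPLE_SHA256 = "42d72bed17a0641c4f0bad8e200e82f4b016b029e7aed1d4c634aad7da1ae9f6"
REDLINE_C2 = {("193.233.20.31", 4125)}  # shared by the "down" and "bolt" configs
REDLINE_AUTH_VALUES = {                 # identify the extracted configs; not host telemetry
    "12c31a90c72f5efae8c053a0bd339381",
    "29540c7bf0277243e2faf6601e15a754",
}

# Registry paths behind "Adds Run key" and "Checks installed software".
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
UNINSTALL_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I)
# Assumption: reading this many distinct Uninstall subkeys from one process is
# enumeration; one or two reads is ordinary installer/updater behaviour.
UNINSTALL_THRESHOLD = 5


@dataclass
class Event:
    kind: str      # proc | net | reg_set | reg_query
    fields: dict


def parse_line(line: str) -> Event:
    """Parse a constructed 'kind key="value" ...' record (flattened Sysmon/procmon style)."""
    kind, _, rest = line.strip().partition(" ")
    return Event(kind, dict(re.findall(r'(\w+)="([^"]*)"', rest)))


def triage(lines):
    """Return (rule, detail) hits; Uninstall reads are counted per pid and deduplicated."""
    hits = []
    uninstall_reads = Counter()
    seen_subkeys = set()
    for line in lines:
        if not line.strip():
            continue
        ev = parse_line(line)
        f = ev.fields
        if ev.kind == "proc" and f.get("sha256", "").lower() == SAMPLE_SHA256:
            hits.append(("known_redline_sample", f.get("image", "")))
        elif ev.kind == "net" and (f.get("dst"), int(f.get("dport", 0))) in REDLINE_C2:
            hits.append(("redline_c2_connection", f"pid={f.get('pid')} {f['dst']}:{f['dport']}"))
        elif ev.kind == "reg_set" and RUN_KEY_RE.search(f.get("key", "")):
            hits.append(("run_key_persistence", f"pid={f.get('pid')} {f['key']}"))
        elif ev.kind == "reg_query" and UNINSTALL_KEY_RE.search(f.get("key", "")):
            pid = f.get("pid")
            subkey = (pid, f["key"].lower())
            if subkey not in seen_subkeys:
                seen_subkeys.add(subkey)
                uninstall_reads[pid] += 1
                if uninstall_reads[pid] == UNINSTALL_THRESHOLD:
                    hits.append(("installed_software_enumeration",
                                 f"pid={pid} {UNINSTALL_THRESHOLD} Uninstall subkeys"))
    return hits


# Constructed log lines: pid 4120 mimics the reported behaviour, pid 2200 is benign noise.
SAMPLE_LOG = r'''
proc pid="4120" image="C:\Users\alice\AppData\Local\Temp\svc.exe" sha256="42d72bed17a0641c4f0bad8e200e82f4b016b029e7aed1d4c634aad7da1ae9f6"
net pid="4120" dst="193.233.20.31" dport="4125" proto="tcp"
reg_set pid="4120" key="HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc" value="C:\Users\alice\AppData\Local\Temp\svc.exe"
reg_query pid="4120" key="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\App1"
reg_query pid="4120" key="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\App2"
reg_query pid="4120" key="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\App3"
reg_query pid="4120" key="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\App4"
reg_query pid="4120" key="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\App5"
reg_query pid="2200" key="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\App1"
net pid="2200" dst="203.0.113.10" dport="443" proto="tcp"
'''

if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG.splitlines()):
        print(f"{rule:34} {detail}")
```

Run against the constructed log this fires four rules, all for pid 4120, and nothing for pid 2200: a single Uninstall read and an outbound 443 connection are not evidence on their own. The C2 match is exact on ip:port because the report gives only that; a port-only or ip-only rule would catch a rotated endpoint but also far more noise, so it belongs in a hunting query rather than an alert.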