General

Target: fe041582cd1c359f7158d73f87cd507273c3cddf8e54b909b3ade3962b50582e
Size: 539KB
Sample: 230324-maqcqadf29
MD5: a5c30cfce3c165579cd19cce2ef5a415
SHA1: 68cf4a6a25f65724fb83ac451e52dc48d268bcb0
SHA256: fe041582cd1c359f7158d73f87cd507273c3cddf8e54b909b3ade3962b50582e
SHA512: 1eb3592bd36b39a5f3224ae0ca86d71dbcd6055c9eadf9d4cc5a6ec713f11d6e36451880a16160b9a11101f121893ed954ee9ba47ed060d930e8adae4a92f1ee
SSDEEP: 12288:2Mrmy90Yrpt16ZFTO4GIDq2XYNxWI4+BzQHVZhC3k7WrFp:cyHrp3R4GIDZXYfPpsAk7MFp
Static task: static1
Behavioral task: behavioral1
Sample: fe041582cd1c359f7158d73f87cd507273c3cddf8e54b909b3ade3962b50582e.exe
Resource: win10v2004-20230220-en
Malware Config

Extracted: redline
- down
- 193.233.20.31:4125
- auth_value: 12c31a90c72f5efae8c053a0bd339381

Extracted: redline
- hero
- 193.233.20.31:4125
- auth_value: 11f3c75a88ca461bcc8d6bf60a1193e3
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.