General

Target: 899bea291a8634ccf48a85dc98c46f224dc6954806a6912be4839dc3364d1708
Size: 539KB
Sample: 230324-mbfjxadf35
MD5: e365e4b7568dc16af5c2d6cb661c20f0
SHA1: 94aa0801ab3f5f6ad4651d8db71f1283282f3714
SHA256: 899bea291a8634ccf48a85dc98c46f224dc6954806a6912be4839dc3364d1708
SHA512: 41c863f612e6fed61e6dd2efecec82ecb890d4e7640a0dbc17626c9dd78ae983ffab72673ad6641461942646b4d1211e6a0b9837834c5a97d7381c79d047d88f
SSDEEP: 12288:cMrRy90hN1dGsWHl7nh+PzVyrYExnI4+7v+EG1blvUT8k0:1yK9GsWqzkrY0yDy1uT8k0
Static task: static1
Behavioral task: behavioral1
Sample: 899bea291a8634ccf48a85dc98c46f224dc6954806a6912be4839dc3364d1708.exe
Resource: win10v2004-20230220-en

Malware Config

Extracted: redline
Botnet: down
C2: 193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381

Extracted: redline
Botnet: hero
C2: 193.233.20.31:4125
auth_value: 11f3c75a88ca461bcc8d6bf60a1193e3

Both configs point at the same C2 endpoint and differ only in the botnet ID and auth_value, so a network match on 193.233.20.31:4125 covers both builds carried by this sample.
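The following is an added example, not part of the sandbox report, showing how the extracted C2 endpoint would be applied as a detection over connection records. The log format (whitespace-separated timestamp, source, destination, protocol) and the records themselves are constructed for illustration; the C2 host and port are the ones extracted above. The "medium" confidence tier for same-host/different-port traffic is a heuristic assumption, not something the report states.

```python
"""Flag connections to the RedLine C2 extracted in this report.

Added example; not part of the sandbox report. Log lines below are
constructed for illustration. Only the C2 endpoint comes from the report.
"""
import ipaddress
from dataclasses import dataclass

# C2 endpoint shared by both extracted configs ("down" and "hero").
C2_HOST = "193.233.20.31"
C2_PORT = 4125

# auth_value per botnet ID, from the report. Kept for attribution when a
# hit is triaged; the value is not something a flow record would contain.
BOTNET_AUTH = {
    "down": "12c31a90c72f5efae8c053a0bd339381",
    "hero": "11f3c75a88ca461bcc8d6bf60a1193e3",
}


@dataclass
class Hit:
    line_no: int
    src: str
    dst: str
    dport: int
    confidence: str  # "high": host+port match; "medium": host only (assumed port rotation)


def parse_conn(line):
    """Parse one constructed record: <ts> <src_ip> <src_port> <dst_ip> <dst_port> <proto>.

    Returns None for malformed records so a single bad line does not abort the scan.
    """
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, src, sport, dst, dport, proto = parts
    try:
        ipaddress.ip_address(src)
        ipaddress.ip_address(dst)
        return ts, src, int(sport), dst, int(dport), proto.lower()
    except ValueError:
        return None


def find_c2_hits(lines):
    """Return a Hit for every record whose destination is the extracted C2 host."""
    hits = []
    for n, line in enumerate(lines, 1):
        rec = parse_conn(line)
        if rec is None:
            continue
        _ts, src, _sport, dst, dport, proto = rec
        if dst != C2_HOST:
            continue
        # Exact host:port over TCP is the extracted C2; the same host on another
        # port is still worth a look (assumption: operators may rotate ports).
        conf = "high" if dport == C2_PORT and proto == "tcp" else "medium"
        hits.append(Hit(n, src, dst, dport, conf))
    return hits


# Constructed sample records (not from the report): an exact C2 match, benign
# traffic, the C2 host on a different port, and a malformed line.
SAMPLE_LOG = [
    "2023-03-24T10:01:02Z 10.0.0.15 49812 193.233.20.31 4125 tcp",
    "2023-03-24T10:01:05Z 10.0.0.15 49813 142.250.74.78 443 tcp",
    "2023-03-24T10:02:11Z 10.0.0.22 50231 193.233.20.31 4130 tcp",
    "garbage line",
]

if __name__ == "__main__":
    for h in find_c2_hits(SAMPLE_LOG):
        print(f"line {h.line_no}: {h.src} -> {h.dst}:{h.dport} ({h.confidence})")
```

Matching on the destination host first and grading by port keeps the rule useful if the operator moves the listener; the botnet ID and auth_value are only recoverable from the sample's config, so they belong in the hit's context rather than in the network match itself.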
Targets

Target: 899bea291a8634ccf48a85dc98c46f224dc6954806a6912be4839dc3364d1708
Size: 539KB
MD5: e365e4b7568dc16af5c2d6cb661c20f0
SHA1: 94aa0801ab3f5f6ad4651d8db71f1283282f3714
SHA256: 899bea291a8634ccf48a85dc98c46f224dc6954806a6912be4839dc3364d1708
SHA512: 41c863f612e6fed61e6dd2efecec82ecb890d4e7640a0dbc17626c9dd78ae983ffab72673ad6641461942646b4d1211e6a0b9837834c5a97d7381c79d047d88f
SSDEEP: 12288:cMrRy90hN1dGsWHl7nh+PzVyrYExnI4+7v+EG1blvUT8k0:1yK9GsWqzkrY0yDy1uT8k0

- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
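The report names "Adds Run key to start application" and "Executes dropped EXE" but gives no key value or dropped path, so the following is an added example, not part of the report, of how those two behaviours are detected together from registry write telemetry. The event records are constructed in a simplified form (EventType, TargetObject, Details, Image, as a host agent might export them); the key paths, file paths and the notion of a "user-writable" drop location are illustrative assumptions.

```python
"""Flag Run-key persistence pointing at a dropped executable.

Added example; not from the sandbox report. Event records are constructed;
the report itself does not name the Run key value or the dropped path.
"""
import re

# HKCU/HKLM/HKU ...\Microsoft\Windows\CurrentVersion\Run or RunOnce.
RUN_KEY_RE = re.compile(
    r"\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\"
    r"(?:Run|RunOnce)\\",
    re.IGNORECASE,
)

# Locations an unprivileged stealer can write to (assumption; tune per estate).
USER_WRITABLE_RE = re.compile(
    r"(?:\\Users\\[^\\]+\\AppData\\|\\Users\\[^\\]+\\Downloads\\|\\ProgramData\\|\\Temp\\)",
    re.IGNORECASE,
)


def is_run_key(target):
    """True if the registry path is a Run/RunOnce value under CurrentVersion."""
    return RUN_KEY_RE.search(target) is not None


def points_to_user_writable(details):
    """True if the value data names an executable in a user-writable location.

    Handles quoted paths with trailing arguments, e.g. "C:\\...\\x.exe" /s.
    """
    path = details.strip().strip('"').split('" ')[0]
    return USER_WRITABLE_RE.search(path) is not None


def flag_persistence(events):
    """events: iterable of dicts with EventType, TargetObject, Details, Image.

    Returns (index, severity, reason) tuples. Only SetValue events are
    considered: a write to a Run key is the persistence step; a Run key that
    launches something from a user-writable path is the dropped-EXE case.
    """
    findings = []
    for i, ev in enumerate(events):
        if ev.get("EventType") != "SetValue":
            continue
        if not is_run_key(ev.get("TargetObject", "")):
            continue
        if points_to_user_writable(ev.get("Details", "")):
            findings.append((i, "high", "Run key -> user-writable path"))
        else:
            findings.append((i, "low", "Run key write"))
    return findings


# Constructed sample events (not from the report): a stealer-style Run key
# pointing into %TEMP%, a vendor Run key under System32, and an unrelated
# Explorer setting that must not match.
SAMPLE_EVENTS = [
    {"EventType": "SetValue",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r'"C:\Users\alice\AppData\Local\Temp\svc.exe"',
     "Image": r"C:\Users\alice\AppData\Local\Temp\svc.exe"},
    {"EventType": "SetValue",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
     "Details": r"C:\Windows\System32\SecurityHealthSystray.exe",
     "Image": r"C:\Windows\System32\msiexec.exe"},
    {"EventType": "SetValue",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)",
     "Image": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for idx, sev, why in flag_persistence(SAMPLE_EVENTS):
        print(f"event {idx}: {sev} - {why} ({SAMPLE_EVENTS[idx]['TargetObject']})")
```

The Uninstall-key enumeration listed in the report is a registry read, which write-oriented registry telemetry does not record; that behaviour is best taken from the sandbox's own observation rather than expected in host event logs.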