General
-
Target
b73082c917829b8c5906bbbef7f1e85d346e772ccdd9597aeca0c5825ca3b477
-
Size
539KB
-
Sample
230324-mc56ysfg3x
-
MD5
0a62431c99fea17fade42f7267242cc2
-
SHA1
c0526276df43a67914509c15743bc54cecd144de
-
SHA256
b73082c917829b8c5906bbbef7f1e85d346e772ccdd9597aeca0c5825ca3b477
-
SHA512
6820322138f2766708202315c9e757e6b60a6abe4bc0156ba31e3aba38eaf929b4a51f4bc220abb906fd4f1c776150afa1fe8027030d158fa3235597a3cf4207
-
SSDEEP
12288:KMryy90Vb4eNzZd+lfoOvYfxpI4+TbIBrd9ynVR4Eh4J:cywHd4fzvY5g/8rdInf4r
Static task
static1
Behavioral task
behavioral1
Sample
b73082c917829b8c5906bbbef7f1e85d346e772ccdd9597aeca0c5825ca3b477.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
down
193.233.20.31:4125
-
auth_value
12c31a90c72f5efae8c053a0bd339381
Extracted
redline
hero
193.233.20.31:4125
-
auth_value
11f3c75a88ca461bcc8d6bf60a1193e3
Targets
-
-
Target
b73082c917829b8c5906bbbef7f1e85d346e772ccdd9597aeca0c5825ca3b477
-
Size
539KB
-
MD5
0a62431c99fea17fade42f7267242cc2
-
SHA1
c0526276df43a67914509c15743bc54cecd144de
-
SHA256
b73082c917829b8c5906bbbef7f1e85d346e772ccdd9597aeca0c5825ca3b477
-
SHA512
6820322138f2766708202315c9e757e6b60a6abe4bc0156ba31e3aba38eaf929b4a51f4bc220abb906fd4f1c776150afa1fe8027030d158fa3235597a3cf4207
-
SSDEEP
12288:KMryy90Vb4eNzZd+lfoOvYfxpI4+TbIBrd9ynVR4Eh4J:cywHd4fzvY5g/8rdInf4r
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-