General
Target: 93adc6cde8a76f9f53424d91b0f0a918b93ec085b496bdecfd321442c29dae4b
Size: 538KB
Sample: 230324-mcdrpsdf38
MD5: 295d5f27f9e75f4bea846b9432d230a8
SHA1: d21f1b88a511177ba3a591cb24b9f09fb15d33b5
SHA256: 93adc6cde8a76f9f53424d91b0f0a918b93ec085b496bdecfd321442c29dae4b
SHA512: c3a53dc92a2c7e300c064a8f0ba131bb0940711d30e6b256499348c15240bd0e692729d0f473a7e5b39c0924be01b5de189d87a5195f44cdd6d214485071c89f
SSDEEP: 12288:5Mr3y90cRSwtpvrs/bw8nnWXYyxOI4+5burpx4WdIR8GgOE:6yjjs/bw8nWXYinVa4bI
Static task: static1
Behavioral task: behavioral1
Sample: 93adc6cde8a76f9f53424d91b0f0a918b93ec085b496bdecfd321442c29dae4b.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
down
193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted: redline
hero
193.233.20.31:4125
auth_value: 11f3c75a88ca461bcc8d6bf60a1193e3
Targets
Target: 93adc6cde8a76f9f53424d91b0f0a918b93ec085b496bdecfd321442c29dae4b
Size: 538KB
MD5: 295d5f27f9e75f4bea846b9432d230a8
SHA1: d21f1b88a511177ba3a591cb24b9f09fb15d33b5
SHA256: 93adc6cde8a76f9f53424d91b0f0a918b93ec085b496bdecfd321442c29dae4b
SHA512: c3a53dc92a2c7e300c064a8f0ba131bb0940711d30e6b256499348c15240bd0e692729d0f473a7e5b39c0924be01b5de189d87a5195f44cdd6d214485071c89f
SSDEEP: 12288:5Mr3y90cRSwtpvrs/bw8nnWXYyxOI4+5burpx4WdIR8GgOE:6yjjs/bw8nWXYinVa4bI
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.