General
- Target: 100bef84a8f2b40f9fd1e425d6253ba5ffafc8c64c6bcd1e377fa318c2cadd74
- Size: 680KB
- Sample: 230324-mel6vsdf49
- MD5: c03f47af548199a3c34f6712f6bcb975
- SHA1: 8193b36ee92dfc08205a0e2d66176891c30e4045
- SHA256: 100bef84a8f2b40f9fd1e425d6253ba5ffafc8c64c6bcd1e377fa318c2cadd74
- SHA512: e184279aef29c89e9cc832e0de6e18d95fa8d40c83238bee8b0013b0244d2f20f98e52e9055a7248d69ff506ffaa48c32a8e26ec2eeb085e26caca2b46f90ba5
- SSDEEP: 12288:Cd898Pwj8PtYzZcDw15fuFlAGHroV43S3OSWGAozw2XeSeTRn:CT08PtIsuup4IO6oz5VC1

Static task: static1

Behavioral task: behavioral1
- Sample: 100bef84a8f2b40f9fd1e425d6253ba5ffafc8c64c6bcd1e377fa318c2cadd74.exe
- Resource: win10v2004-20230220-en

Malware Config

Extracted
- Family: redline
- Botnet: down
- C2: 193.233.20.31:4125
- auth_value: 12c31a90c72f5efae8c053a0bd339381

Extracted
- Family: redline
- Botnet: hero
- C2: 193.233.20.31:4125
- auth_value: 11f3c75a88ca461bcc8d6bf60a1193e3
Targets
- Target: 100bef84a8f2b40f9fd1e425d6253ba5ffafc8c64c6bcd1e377fa318c2cadd74
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.