General

Target: 923ec412d420d0902b330498300339a8dba57fce6f3d43869310bf119ae6ebd0
Size: 539KB
Sample: 230324-mexmlafg4v
MD5: 76933787d1e39c35525fef10ab3e66c6
SHA1: 0d4e84790419c5435c3fc43b69533560d4dcb4ca
SHA256: 923ec412d420d0902b330498300339a8dba57fce6f3d43869310bf119ae6ebd0
SHA512: 91456dc9cb8f8c205be1b5c8098427232a7c1a9018a6a931dd16c2845b5ab56873b503f46176d5ced069bba073df012a0f3ebd005dbe813f58a5cda546145407
SSDEEP: 12288:IMr4y90Bx6sSiM8Ca+Uz79GY7xrI4+r/Ny7YHqL4M:gy4BCa5z5GYlWLNy7YKkM
Static task: static1
Behavioral task: behavioral1
Sample: 923ec412d420d0902b330498300339a8dba57fce6f3d43869310bf119ae6ebd0.exe
Resource: win10v2004-20230220-en
Malware Config

Extracted: redline
Botnet: down
C2: 193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381

Extracted: redline
Botnet: hero
C2: 193.233.20.31:4125
auth_value: 11f3c75a88ca461bcc8d6bf60a1193e3
Targets

Target: 923ec412d420d0902b330498300339a8dba57fce6f3d43869310bf119ae6ebd0
Size: 539KB
MD5: 76933787d1e39c35525fef10ab3e66c6
SHA1: 0d4e84790419c5435c3fc43b69533560d4dcb4ca
SHA256: 923ec412d420d0902b330498300339a8dba57fce6f3d43869310bf119ae6ebd0
SHA512: 91456dc9cb8f8c205be1b5c8098427232a7c1a9018a6a931dd16c2845b5ab56873b503f46176d5ced069bba073df012a0f3ebd005dbe813f58a5cda546145407
SSDEEP: 12288:IMr4y90Bx6sSiM8Ca+Uz79GY7xrI4+r/Ny7YHqL4M:gy4BCa5z5GYlWLNy7YKkM

Signatures

- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.