General

Target: d5e534fd082a240d0a3468fb7df84a4c677b7b1781a8ec8e42e4d3b54b63f9a9
Size: 680KB
Sample: 230324-mla26sfg7x
MD5: 501f013cf52f70830a2dbb085749facc
SHA1: e2e10564ad54b6ed1164861f57205cccf3d45727
SHA256: d5e534fd082a240d0a3468fb7df84a4c677b7b1781a8ec8e42e4d3b54b63f9a9
SHA512: 5d72867ba05f0fc42c8cf73bd73147fc674f6b2b537abe42a52f47968b9b878ef148b381e074b265d1a97eefd4c621ffc227142ea592eb3f1b22abc277911585
SSDEEP: 12288:pd898Pwj8PtYzZcDw15fuFlAGHroV43S3OSWGAozw2XeSeTRn:pT08PtIsuup4IO6oz5VC1

Static task: static1

Behavioral task: behavioral1
Sample: d5e534fd082a240d0a3468fb7df84a4c677b7b1781a8ec8e42e4d3b54b63f9a9.exe
Resource: win10-20230220-en

Malware Config

Extracted
Family: redline
Botnet: down
C2: 193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381

Extracted
Family: redline
Botnet: hero
C2: 193.233.20.31:4125
auth_value: 11f3c75a88ca461bcc8d6bf60a1193e3

Targets

Target: d5e534fd082a240d0a3468fb7df84a4c677b7b1781a8ec8e42e4d3b54b63f9a9
Size: 680KB
MD5: 501f013cf52f70830a2dbb085749facc
SHA1: e2e10564ad54b6ed1164861f57205cccf3d45727
SHA256: d5e534fd082a240d0a3468fb7df84a4c677b7b1781a8ec8e42e4d3b54b63f9a9
SHA512: 5d72867ba05f0fc42c8cf73bd73147fc674f6b2b537abe42a52f47968b9b878ef148b381e074b265d1a97eefd4c621ffc227142ea592eb3f1b22abc277911585
SSDEEP: 12288:pd898Pwj8PtYzZcDw15fuFlAGHroV43S3OSWGAozw2XeSeTRn:pT08PtIsuup4IO6oz5VC1
Signatures

- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
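The report gives two extracted RedLine configs that share one C2 socket, the sample's file hashes, and a Run-key persistence signature. The Python below is an added example, not part of the report or of any sandbox's own code, that turns those values into a small hunting check over Sysmon-style events. The hash and config values are copied from the report; the event records are constructed, and their field names follow Sysmon's conventions (EventID 1 process creation with a `Hashes` field, EventID 3 network connection, EventID 13 registry value set).

```python
"""Hunting check built from the indicators in the report above.

Added example, not part of the original report or of any sandbox's own code.
The hash and config values are copied from the report; the Sysmon-style
event records at the bottom are constructed to exercise the matching logic.
"""
from typing import Optional

# Indicators taken from the report.
SHA256 = "d5e534fd082a240d0a3468fb7df84a4c677b7b1781a8ec8e42e4d3b54b63f9a9"
MD5 = "501f013cf52f70830a2dbb085749facc"
REDLINE_CONFIGS = [
    {"botnet": "down", "c2": "193.233.20.31:4125",
     "auth_value": "12c31a90c72f5efae8c053a0bd339381"},
    {"botnet": "hero", "c2": "193.233.20.31:4125",
     "auth_value": "11f3c75a88ca461bcc8d6bf60a1193e3"},
]

# Registry paths that the "Adds Run key to start application" signature covers.
RUN_KEY_MARKERS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")


def parse_c2(c2: str) -> tuple:
    """Split the 'host:port' string from the extracted config into (host, port)."""
    host, sep, port = c2.rpartition(":")
    if not sep or not host or not port.isdigit():
        raise ValueError(f"malformed C2 string: {c2!r}")
    return host, int(port)


def c2_sockets(configs) -> set:
    """Distinct (host, port) pairs across all extracted configs.

    Both configs in the report point at the same socket, so they collapse
    to a single network indicator."""
    return {parse_c2(cfg["c2"]) for cfg in configs}


def hashes_from_sysmon(field: str) -> dict:
    """Parse a Sysmon 'Hashes' field ('MD5=...,SHA256=...') into {algo: hex}."""
    out = {}
    for part in field.split(","):
        algo, _, value = part.partition("=")
        if algo and value:
            out[algo.strip().upper()] = value.strip().lower()
    return out


def classify(event: dict, sockets) -> Optional[str]:
    """Label one Sysmon-style event, or return None if nothing matches."""
    eid = event.get("EventID")
    if eid == 1:  # process creation: match the sample's file hashes
        hashes = hashes_from_sysmon(event.get("Hashes", ""))
        if hashes.get("SHA256") == SHA256 or hashes.get("MD5") == MD5:
            return "known_sample_executed"
    elif eid == 3:  # network connection: match the extracted C2 socket
        sock = (event.get("DestinationIp"), int(event.get("DestinationPort", 0)))
        if sock in sockets:
            return "redline_c2_connection"
    elif eid == 13:  # registry value set: Run/RunOnce persistence
        target = event.get("TargetObject", "").lower()
        if any(marker in target for marker in RUN_KEY_MARKERS):
            return "run_key_persistence"
    return None


def hunt(events, configs=REDLINE_CONFIGS) -> list:
    """Return [(event_index, label)] for every event that matches an indicator."""
    sockets = c2_sockets(configs)
    hits = []
    for idx, event in enumerate(events):
        label = classify(event, sockets)
        if label is not None:
            hits.append((idx, label))
    return hits


# Constructed events (not from the report): a benign process, the sample itself,
# a connection to the C2 socket, a connection to the same host on another port,
# and a Run-key write under a made-up user SID.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": "C:\\Windows\\System32\\notepad.exe",
     "Hashes": "SHA256=" + "ab" * 32},
    {"EventID": 1, "Image": "C:\\Users\\Public\\" + SHA256 + ".exe",
     "Hashes": f"MD5={MD5},SHA256={SHA256}"},
    {"EventID": 3, "DestinationIp": "193.233.20.31", "DestinationPort": "4125"},
    {"EventID": 3, "DestinationIp": "193.233.20.31", "DestinationPort": "443"},
    {"EventID": 13,
     "TargetObject": "HKU\\S-1-5-21-1111111111-2222222222-3333333333-1001"
                     "\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater",
     "Details": "C:\\Users\\Public\\" + SHA256 + ".exe"},
]

if __name__ == "__main__":
    for idx, label in hunt(SAMPLE_EVENTS):
        print(idx, label)
```

Two caveats a practitioner should keep in mind when reusing this. First, the matcher keys on the full host:port socket, so the connection to the same host on port 443 in the sample events is deliberately not flagged; widen it to host-only if you want to catch infrastructure reuse on other ports. The `auth_value` from each config is carried along only for clustering and correlation of builds, not matched in traffic. Second, Sysmon records registry creates, deletes, value sets and renames, not reads, so the "Checks installed software" behaviour (enumerating Uninstall keys) is something the sandbox API trace sees but an event-log rule cannot; treat it as triage context rather than a detection.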