General
Target: 21aba27a757713f6d140d701eaf7e917ff8d9b9a2d7df7ac50a007ed53741750
Size: 539KB
Sample: 230324-mny7sadg25
MD5: 792ab788e9e4ebf50a852b98d897f55e
SHA1: 6f683f5c852180dec4f69cea9db149431a7d8402
SHA256: 21aba27a757713f6d140d701eaf7e917ff8d9b9a2d7df7ac50a007ed53741750
SHA512: abaa62ee726ab2af84f6cfbb1c77a7ac088b2602aa784103f336ef5f3beffcd9d91ed88093600a3aea0611687c9c8916e2607ddfa25b4f1ecdd898d7c8435547
SSDEEP: 12288:/MrOy90K53kbFcjAUh2yXYqxsI4+sOO7CVIrX3RMu:RyOxw9h9XYqJzOwIrXhZ

Static task: static1
Behavioral task: behavioral1
Sample: 21aba27a757713f6d140d701eaf7e917ff8d9b9a2d7df7ac50a007ed53741750.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
down
193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381

Extracted: redline
hero
193.233.20.31:4125
auth_value: 11f3c75a88ca461bcc8d6bf60a1193e3
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.