General
Target: 61b1e737b734a08ab5893e1ed5378b0308efffe573badf037ceaa6e49d1f4a62
Size: 539KB
Sample: 230324-mppdzadg28
MD5: 6766c7c3a6c46cb1120a6bb1e9be0922
SHA1: 952ea171f653b414b1a1afa175281492d4b89542
SHA256: 61b1e737b734a08ab5893e1ed5378b0308efffe573badf037ceaa6e49d1f4a62
SHA512: cf6033484fabb3f49f416ef5aca649d0b1e6c3f3657416ddfe8c35c829e47102860da046f63da3ef2c78fb0bd653923903579379037acd23d994cdb25acf7f19
SSDEEP: 12288:SMrsy90krMXuQduf4BB2fYCxKI4+LRdyd5X4:6ydrF8uABIfYSjNdAi
Static task: static1
Behavioral task: behavioral1
Sample: 61b1e737b734a08ab5893e1ed5378b0308efffe573badf037ceaa6e49d1f4a62.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: down
C2: 193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted
Family: redline
Botnet: hero
C2: 193.233.20.31:4125
auth_value: 11f3c75a88ca461bcc8d6bf60a1193e3
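The two extracted configs and the file hashes are the part of this report a responder actually reuses, so the Python below, an added example that is not part of the sandbox report or of RedLine itself, parses the raw card layout the sandbox exports (key and value on alternating lines, "-" separators) into structured indicators, collapses the C2 endpoint that both botnet IDs share, defangs it for sharing, and emits a Suricata rule for it. The `REPORT` string is the Malware Config and Targets text from this page; the Suricata `sid` range, the `msg` wording and the `flow`/`classtype` options are my choices, not anything the report states.

```python
"""Added example: turn the indicators in a Triage-style RedLine report into
reusable artifacts (structured configs, defanged IOCs, a Suricata rule)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Malware Config and Targets cards copied from the report, raw line-per-field layout.
REPORT = """\
Malware Config
Extracted
redline
down
193.233.20.31:4125
-
auth_value
12c31a90c72f5efae8c053a0bd339381
Extracted
redline
hero
193.233.20.31:4125
-
auth_value
11f3c75a88ca461bcc8d6bf60a1193e3
Targets
-
-
Target
61b1e737b734a08ab5893e1ed5378b0308efffe573badf037ceaa6e49d1f4a62
-
MD5
6766c7c3a6c46cb1120a6bb1e9be0922
-
SHA1
952ea171f653b414b1a1afa175281492d4b89542
-
SHA256
61b1e737b734a08ab5893e1ed5378b0308efffe573badf037ceaa6e49d1f4a62
"""

HOST_PORT = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")
HEX = re.compile(r"^[0-9a-f]+$")
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}


@dataclass
class C2Config:
    family: str
    botnet_id: str
    host: str
    port: int
    auth_value: Optional[str]


@dataclass
class Indicators:
    configs: List[C2Config] = field(default_factory=list)
    hashes: Dict[str, str] = field(default_factory=dict)


def parse_report(text: str) -> Indicators:
    """Walk the token stream; '-' lines are layout separators and are dropped."""
    tok = [s.strip() for s in text.splitlines() if s.strip() and s.strip() != "-"]
    ind = Indicators()
    i = 0
    while i < len(tok):
        # Card shape: "Extracted" / family / botnet id / host:port [/ "auth_value" / value]
        if tok[i] == "Extracted" and i + 3 < len(tok):
            m = HOST_PORT.match(tok[i + 3])
            if m:
                auth, step = None, 4
                if i + 5 < len(tok) and tok[i + 4] == "auth_value":
                    auth, step = tok[i + 5], 6
                ind.configs.append(C2Config(tok[i + 1], tok[i + 2], m.group(1), int(m.group(2)), auth))
                i += step
                continue
        # Hash label followed by a hex digest of the matching length; anything else is skipped.
        if tok[i] in HASH_LEN and i + 1 < len(tok):
            digest = tok[i + 1].lower()
            if len(digest) == HASH_LEN[tok[i]] and HEX.match(digest):
                ind.hashes[tok[i]] = digest
                i += 2
                continue
        i += 1
    return ind


def c2_endpoints(ind: Indicators) -> List[Tuple[str, int]]:
    """Unique host:port pairs; both builds in this report share a single endpoint."""
    return sorted({(c.host, c.port) for c in ind.configs})


def defang(host: str) -> str:
    return host.replace(".", "[.]")


def suricata_rule(host: str, port: int, sid: int, rev: int = 1) -> str:
    """Egress rule for the C2 endpoint; sid/msg/options are this example's assumptions."""
    return (f"alert tcp $HOME_NET any -> {host} {port} "
            f'(msg:"RedLine Stealer C2 {host}:{port}"; flow:to_server,established; '
            f"classtype:trojan-activity; sid:{sid}; rev:{rev};)")


if __name__ == "__main__":
    ind = parse_report(REPORT)
    for c in ind.configs:
        print(f"{c.family} botnet={c.botnet_id} c2={defang(c.host)}:{c.port} auth_value={c.auth_value}")
    for algo, digest in ind.hashes.items():
        print(f"{algo}: {digest}")
    for sid, (host, port) in enumerate(c2_endpoints(ind), start=1000001):
        print(suricata_rule(host, port, sid))
```

Both configs point at the same host and port, so one network rule covers both builds; the auth_value differs per build and is the better pivot for clustering related samples. An IP:port rule ages quickly once the operator moves infrastructure, and the hash indicators match only this exact file, so treat both as short-lived and keep the botnet IDs and auth_values alongside them.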
Targets
Target: 61b1e737b734a08ab5893e1ed5378b0308efffe573badf037ceaa6e49d1f4a62
Size: 539KB
MD5: 6766c7c3a6c46cb1120a6bb1e9be0922
SHA1: 952ea171f653b414b1a1afa175281492d4b89542
SHA256: 61b1e737b734a08ab5893e1ed5378b0308efffe573badf037ceaa6e49d1f4a62
SHA512: cf6033484fabb3f49f416ef5aca649d0b1e6c3f3657416ddfe8c35c829e47102860da046f63da3ef2c78fb0bd653923903579379037acd23d994cdb25acf7f19
SSDEEP: 12288:SMrsy90krMXuQduf4BB2fYCxKI4+LRdyd5X4:6ydrF8uABIfYSjNdAi
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.