General
Target: e57f0354cdd19a4d7b243623d7214c7f7e4a5c7d25ea514e22ed91fc135621f4
Size: 540KB
Sample: 230324-n3gfyseb22
MD5: fea5348b77dab5bb85e8156ae45b7325
SHA1: 0fd5b83767bbe6de0e505f85e1b29f46c7030d8e
SHA256: e57f0354cdd19a4d7b243623d7214c7f7e4a5c7d25ea514e22ed91fc135621f4
SHA512: 459fe17bc03fd543dedea616426340e8d03d12e7d35e102b3c4c78a8e845dd9a50ce52948ee51fe6493b8a8084e7baf9823c9b16ea92747dda77e338c73f6a55
SSDEEP: 12288:EMrwy90Qheiww0WXJ1inSQ9U7QjC2svkcUE56:sy72Win8Q9q6
Static task: static1
Behavioral task: behavioral1
Sample: e57f0354cdd19a4d7b243623d7214c7f7e4a5c7d25ea514e22ed91fc135621f4.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
  down
  193.233.20.31:4125
  auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted: redline
  hero
  193.233.20.31:4125
  auth_value: 11f3c75a88ca461bcc8d6bf60a1193e3
Targets
Target: e57f0354cdd19a4d7b243623d7214c7f7e4a5c7d25ea514e22ed91fc135621f4
Size: 540KB
MD5: fea5348b77dab5bb85e8156ae45b7325
SHA1: 0fd5b83767bbe6de0e505f85e1b29f46c7030d8e
SHA256: e57f0354cdd19a4d7b243623d7214c7f7e4a5c7d25ea514e22ed91fc135621f4
SHA512: 459fe17bc03fd543dedea616426340e8d03d12e7d35e102b3c4c78a8e845dd9a50ce52948ee51fe6493b8a8084e7baf9823c9b16ea92747dda77e338c73f6a55
SSDEEP: 12288:EMrwy90Qheiww0WXJ1inSQ9U7QjC2svkcUE56:sy72Win8Q9q6
Signatures
RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.