General
Target: a9246bf85ada6240a2a78fe6956533ec1ede5f86f3ea463ba77b199863883914
Size: 683KB
Sample: 230324-q5h4nsgg8v
MD5: afa6a1f3589080f20a0eaad321c349d9
SHA1: 25978fde911da7383d22fdc9e7c4520f42d2e13c
SHA256: a9246bf85ada6240a2a78fe6956533ec1ede5f86f3ea463ba77b199863883914
SHA512: 8b0138f190bec613606ef7f98c3727fce29d9bf4c1c9e2fd73933209cecd03370ed56281fb227c17c6674b8d939a7df20ed46ca14dfdf6bd69dc1577c529db46
SSDEEP: 12288:ha1/Bcuj0BmeF0ro69uQ1An3M65EUwd9pnAYFbHTtn6XtJSYr317NkExf:hanIEBrh9uQ1Ycp7pFbHymkJNp
Static task: static1
Behavioral task: behavioral1
Sample: a9246bf85ada6240a2a78fe6956533ec1ede5f86f3ea463ba77b199863883914.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: down
C2: 193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted
Family: redline
Botnet: hero
C2: 193.233.20.31:4125
auth_value: 11f3c75a88ca461bcc8d6bf60a1193e3
Targets
Target: a9246bf85ada6240a2a78fe6956533ec1ede5f86f3ea463ba77b199863883914
Size: 683KB
MD5: afa6a1f3589080f20a0eaad321c349d9
SHA1: 25978fde911da7383d22fdc9e7c4520f42d2e13c
SHA256: a9246bf85ada6240a2a78fe6956533ec1ede5f86f3ea463ba77b199863883914
SHA512: 8b0138f190bec613606ef7f98c3727fce29d9bf4c1c9e2fd73933209cecd03370ed56281fb227c17c6674b8d939a7df20ed46ca14dfdf6bd69dc1577c529db46
SSDEEP: 12288:ha1/Bcuj0BmeF0ro69uQ1An3M65EUwd9pnAYFbHTtn6XtJSYr317NkExf:hanIEBrh9uQ1Ycp7pFbHymkJNp
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
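As an added example (not part of this sandbox report, and not Triage's or RedLine's code), the Python below runs over a few constructed Sysmon and Windows Security events and flags the indicators the report surfaces: the C2 endpoint shared by both extracted configs (193.233.20.31:4125), the Run-key persistence signature, and the Uninstall-key enumeration. The event records, file paths and SID are constructed for illustration; only the C2 endpoint and the file hashes come from the report. It also builds in the caveat a practitioner needs: Sysmon records registry writes (EID 13) but not reads, so the Uninstall enumeration is only visible if a SACL on the key plus Object Access auditing produces Security event 4663.

```python
"""Detection logic for the indicators in this RedLine report.

Added example, not the sandbox's or the malware's code. The events below are
constructed Sysmon / Windows Security records, not real telemetry; the C2
endpoint and file hashes are the ones the report lists.
"""
import hashlib
import re

# Indicators copied from the report. Both extracted configs share one C2.
C2_ENDPOINTS = {("193.233.20.31", 4125)}
REPORT_HASHES = {
    "md5": "afa6a1f3589080f20a0eaad321c349d9",
    "sha1": "25978fde911da7383d22fdc9e7c4520f42d2e13c",
    "sha256": "a9246bf85ada6240a2a78fe6956533ec1ede5f86f3ea463ba77b199863883914",
}

# "Adds Run key to start application": a value written under Run or RunOnce.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
# "Looks up Uninstall key entries": a read of the Uninstall key (either view).
UNINSTALL_KEY_RE = re.compile(
    r"\\Software\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)
# A process living in a user-writable directory makes any match more suspicious.
USER_WRITABLE_RE = re.compile(r"^C:\\Users\\[^\\]+\\(AppData|Downloads)\\", re.I)

# Constructed events (hypothetical paths and SID) in a flattened dict form.
CONSTRUCTED_EVENTS = [
    # Sysmon EID 3 (NetworkConnect): dropped EXE talking to the extracted C2.
    {"source": "sysmon", "eid": 3, "image": r"C:\Users\victim\AppData\Local\Temp\dropped.exe",
     "dst_ip": "193.233.20.31", "dst_port": 4125},
    # Sysmon EID 3: ordinary HTTPS traffic, must not fire.
    {"source": "sysmon", "eid": 3, "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "dst_ip": "203.0.113.10", "dst_port": 443},
    # Sysmon EID 13 (RegistryEvent, value set): Run-key persistence.
    {"source": "sysmon", "eid": 13, "image": r"C:\Users\victim\AppData\Local\Temp\dropped.exe",
     "target": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\WinUpdate"},
    # Sysmon EID 13: an installer writing its own Uninstall entry, must not fire.
    {"source": "sysmon", "eid": 13, "image": r"C:\Windows\System32\msiexec.exe",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{GUID}\DisplayName"},
    # Security EID 4663 (object access): the Uninstall key being read. Sysmon does
    # not log registry reads, so this needs a SACL on the key + Object Access auditing.
    {"source": "security", "eid": 4663, "image": r"C:\Users\victim\AppData\Local\Temp\dropped.exe",
     "object": r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
]


def detect(events):
    """Return (rule, image, detail, severity) for every event matching an indicator."""
    findings = []
    for ev in events:
        image = ev.get("image", "")
        severity = "high" if USER_WRITABLE_RE.match(image) else "medium"
        if ev["source"] == "sysmon" and ev["eid"] == 3:
            if (ev["dst_ip"], ev["dst_port"]) in C2_ENDPOINTS:
                # Any hit on a known C2 endpoint is high regardless of the image path.
                findings.append(("redline_c2", image, f"{ev['dst_ip']}:{ev['dst_port']}", "high"))
        elif ev["source"] == "sysmon" and ev["eid"] == 13:
            if RUN_KEY_RE.search(ev["target"]):
                findings.append(("run_key_persistence", image, ev["target"], severity))
        elif ev["source"] == "security" and ev["eid"] == 4663:
            if UNINSTALL_KEY_RE.search(ev["object"]):
                findings.append(("uninstall_key_enum", image, ev["object"], severity))
    return findings


def matches_report(data):
    """Compare a file's digests with the report's; all three agree only for this sample."""
    return {name: hashlib.new(name, data).hexdigest() == digest
            for name, digest in REPORT_HASHES.items()}


if __name__ == "__main__":
    for rule, image, detail, severity in detect(CONSTRUCTED_EVENTS):
        print(f"[{severity}] {rule}: {image} -> {detail}")
    print(matches_report(b"not the sample"))
```

The Run-key rule is deliberately broad (any value under Run/RunOnce) and relies on the image-path severity to separate a dropper in a Temp directory from a legitimate installer; the C2 rule is exact on IP and port because the extracted config gives both. Use matches_report on a file you actually hold to confirm it is the same sample before treating this report's behaviour as applicable.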