General

Target: 7cd26ad41e89c599b6b6530814dd5a9d0dd17001ffbc73554e642c8a920bf108
Size: 683KB
Sample: 230324-q7tcesgg9y
MD5: f226e136ba6c32161a11ee473ca372c4
SHA1: 848d439fb53f30dc51ff030b275a294d8af6eb5f
SHA256: 7cd26ad41e89c599b6b6530814dd5a9d0dd17001ffbc73554e642c8a920bf108
SHA512: e769ee0ec99e8170ff703dbded2e05e5596bd8fa55e9dbd81029fa72e420a6937e4a606bd5e89d59451360bf45ffd905a6f842417d3f234559b8ab2b3eb172c5
SSDEEP: 12288:6a1/Bcuj0BmeF0ro69uQ1An3M65EUwd9pnAYFbHTtn6XtJSYr317NkExf:6anIEBrh9uQ1Ycp7pFbHymkJNp

Static task: static1
Behavioral task: behavioral1
Sample: 7cd26ad41e89c599b6b6530814dd5a9d0dd17001ffbc73554e642c8a920bf108.exe
Resource: win10-20230220-en

Malware Config

Extracted
Family: redline
Botnet: down
C2: 193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381

Extracted
Family: redline
Botnet: hero
C2: 193.233.20.31:4125
auth_value: 11f3c75a88ca461bcc8d6bf60a1193e3
Targets

Target: 7cd26ad41e89c599b6b6530814dd5a9d0dd17001ffbc73554e642c8a920bf108
Size: 683KB
MD5: f226e136ba6c32161a11ee473ca372c4
SHA1: 848d439fb53f30dc51ff030b275a294d8af6eb5f
SHA256: 7cd26ad41e89c599b6b6530814dd5a9d0dd17001ffbc73554e642c8a920bf108
SHA512: e769ee0ec99e8170ff703dbded2e05e5596bd8fa55e9dbd81029fa72e420a6937e4a606bd5e89d59451360bf45ffd905a6f842417d3f234559b8ab2b3eb172c5
SSDEEP: 12288:6a1/Bcuj0BmeF0ro69uQ1An3M65EUwd9pnAYFbHTtn6XtJSYr317NkExf:6anIEBrh9uQ1Ycp7pFbHymkJNp

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.