General
Target: b964fed786fc34ea5727a038c0b152dbaef0ef5ac6802e07c15e3dd210ee1764
Size: 541KB
Sample: 230324-rvmjsahb5v
MD5: 8d5522c2d8ed288ed7542ab95567c4a4
SHA1: be765c8d2f7628f930d20170a1bf8c53c1c0dcf3
SHA256: b964fed786fc34ea5727a038c0b152dbaef0ef5ac6802e07c15e3dd210ee1764
SHA512: 84f94a8a12ccbc7b420a4e2b225416fccb85d6ac70117439bbf53c39665c38f055953e5b1f132269878fd71e93863632b39e78a33026b4a6960ed300ab88d744
SSDEEP: 6144:K7y+bnr+gp0yN90QEEfyaQXev7a8Sf50oCRT1cHOUn8sBjdhFPOjiWlXU0VuOnyE:hMrMy90ifUXeE50odbBjF4kayXGgXi
Static task: static1
Behavioral task: behavioral1
Sample: b964fed786fc34ea5727a038c0b152dbaef0ef5ac6802e07c15e3dd210ee1764.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline (boris)
C2: 193.233.20.32:4125
auth_value: 766b5bdf6dbefcf7ca223351952fc38f
Extracted: redline (lida)
C2: 193.233.20.32:4125
auth_value: 24052aa2e9b85984a98d80cf08623e8d
Targets
Target: b964fed786fc34ea5727a038c0b152dbaef0ef5ac6802e07c15e3dd210ee1764
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.