General
Target: c7bda96b9f05279ff77b92b5cd3c1778c31be9ee4037d323c0fb6cb926d8548a
Size: 540KB
Sample: 230324-rx4abafa95
MD5: 779a8694f72f437e89c24c1e5a082b61
SHA1: b8e375c715146f3dd49366690822b4f4c6db096e
SHA256: c7bda96b9f05279ff77b92b5cd3c1778c31be9ee4037d323c0fb6cb926d8548a
SHA512: 6f0dbd02a9937f917c47a4587c2b627c47162ae534b043566b220c82220c221fc02be085f61528b0dd90b76e2c9475322faff8e9f0820b7c78c75bf460fbf112
SSDEEP: 12288:FMr6y90qz+YZ2Id0O0T+qjeSSHDvN9jxBv:3y3+YQI2Om+OeSqlBv
Static task: static1
Behavioral task: behavioral1
Sample: c7bda96b9f05279ff77b92b5cd3c1778c31be9ee4037d323c0fb6cb926d8548a.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline, boris, 193.233.20.32:4125
auth_value: 766b5bdf6dbefcf7ca223351952fc38f
Extracted: redline, lida, 193.233.20.32:4125
auth_value: 24052aa2e9b85984a98d80cf08623e8d
Targets
Target: c7bda96b9f05279ff77b92b5cd3c1778c31be9ee4037d323c0fb6cb926d8548a
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.