General
Target: 6de2b370e3a4aca7692181f315011550bd9562d310b3a0ea37a41ad139263238
Size: 540KB
Sample: 230324-t22cmafe67
MD5: 2cf6d7baaf67aff0005cd2f9bcb72138
SHA1: 6f6485d349dd2cdd83c1e01d4a0ddcd4c99123da
SHA256: 6de2b370e3a4aca7692181f315011550bd9562d310b3a0ea37a41ad139263238
SHA512: c6f945504961e486a9290ac399eddafcaf39dc85897d46f3c5900a8234ea9894b3835cd9fc811d1e5b496e3486bea2ad8f8ec3a0e47d87f1f32ddb6ba0fd350f
SSDEEP: 6144:Kcy+bnr+Np0yN90QEvPVPHQrFrQppJgxhBKEJLBjhvvlvtFMFQDKAszjdLsf9t/B:4MrRy90dPVPHgN9KwHhJD6zjijWdA
Static task: static1
Behavioral task: behavioral1
Sample: 6de2b370e3a4aca7692181f315011550bd9562d310b3a0ea37a41ad139263238.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
Botnet: boris
C2: 193.233.20.32:4125
auth_value: 766b5bdf6dbefcf7ca223351952fc38f
Extracted: redline
Botnet: lida
C2: 193.233.20.32:4125
auth_value: 24052aa2e9b85984a98d80cf08623e8d
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Signatures:
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.