General
-
Target
8fe50f1e571fb951e88fd20c59c02ed896d19dcedd7a0aa6cf340c6ed019401c
-
Size
539KB
-
Sample
230324-tdl8sshe6w
-
MD5
ddb0ed3b08760e6f2cd036dfbde481b0
-
SHA1
812690fac328655dd8bc2b77364be22ad1293fc3
-
SHA256
8fe50f1e571fb951e88fd20c59c02ed896d19dcedd7a0aa6cf340c6ed019401c
-
SHA512
c3024ede48ca521331e57770758bb491ad6c2cd0e916a96a0c9b3f10b92317fc37ca6632b9942792b8f735bd8a72e1e0a949320c7810cc7e09146a8e72558382
-
SSDEEP
12288:nMr0y90RKRgmT/sMLy5oq5gTbtNmNlxogAuCVeijWSv5IUGyxH9YV:DyBTVwofTbn0ogAuqeWWSS
Static task
static1
Behavioral task
behavioral1
Sample
8fe50f1e571fb951e88fd20c59c02ed896d19dcedd7a0aa6cf340c6ed019401c.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
boris
193.233.20.32:4125
-
auth_value
766b5bdf6dbefcf7ca223351952fc38f
Extracted
redline
lida
193.233.20.32:4125
-
auth_value
24052aa2e9b85984a98d80cf08623e8d
Targets
-
-
Target
8fe50f1e571fb951e88fd20c59c02ed896d19dcedd7a0aa6cf340c6ed019401c
-
Size
539KB
-
MD5
ddb0ed3b08760e6f2cd036dfbde481b0
-
SHA1
812690fac328655dd8bc2b77364be22ad1293fc3
-
SHA256
8fe50f1e571fb951e88fd20c59c02ed896d19dcedd7a0aa6cf340c6ed019401c
-
SHA512
c3024ede48ca521331e57770758bb491ad6c2cd0e916a96a0c9b3f10b92317fc37ca6632b9942792b8f735bd8a72e1e0a949320c7810cc7e09146a8e72558382
-
SSDEEP
12288:nMr0y90RKRgmT/sMLy5oq5gTbtNmNlxogAuCVeijWSv5IUGyxH9YV:DyBTVwofTbn0ogAuqeWWSS
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-