General
Target: 2d5cda57f21697c692098747644dcfb28ac5867c73e9de03f3c5c9423ac97455
Size: 554KB
Sample: 230324-v6k2waad5t
MD5: 261b8235ded1a97bb273df95bf88d4fa
SHA1: 5b82f5f6310c8cf5baa042b1a037a2215cb49108
SHA256: 2d5cda57f21697c692098747644dcfb28ac5867c73e9de03f3c5c9423ac97455
SHA512: b774e17ef171a8366ec6584a3a577324009ca7d7575392598c16e5cd485f2e4cd2ec212e107755b14a433789498aec9d4b112b9c6c8cf5d785a9513d9fc7f75e
SSDEEP: 12288:hMrYy90hM9Pt+BfdZWwA3WudWPoSCU35QNq:pydidZCVvKQNq
Static task: static1
Behavioral task: behavioral1
Sample: 2d5cda57f21697c692098747644dcfb28ac5867c73e9de03f3c5c9423ac97455.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
  boris
  193.233.20.32:4125
  auth_value: 766b5bdf6dbefcf7ca223351952fc38f
Extracted: redline
  lida
  193.233.20.32:4125
  auth_value: 24052aa2e9b85984a98d80cf08623e8d
Targets
Target: 2d5cda57f21697c692098747644dcfb28ac5867c73e9de03f3c5c9423ac97455
Size: 554KB
MD5: 261b8235ded1a97bb273df95bf88d4fa
SHA1: 5b82f5f6310c8cf5baa042b1a037a2215cb49108
SHA256: 2d5cda57f21697c692098747644dcfb28ac5867c73e9de03f3c5c9423ac97455
SHA512: b774e17ef171a8366ec6584a3a577324009ca7d7575392598c16e5cd485f2e4cd2ec212e107755b14a433789498aec9d4b112b9c6c8cf5d785a9513d9fc7f75e
SSDEEP: 12288:hMrYy90hM9Pt+BfdZWwA3WudWPoSCU35QNq:pydidZCVvKQNq
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.