General
- Target: b14ffef19660a57a5ed7626550c55c3307360352c5982f856b22d3f34c534c4d
- Size: 554KB
- Sample: 230324-vm4pwaff53
- MD5: a277829e6445bc8ce3068eed7265fc19
- SHA1: 05d759c6a77d07b86eed4c0ed293b693c486f442
- SHA256: b14ffef19660a57a5ed7626550c55c3307360352c5982f856b22d3f34c534c4d
- SHA512: dac29c261a14bc5c1d5ac900d68ad89b24cd8c1fe655324063d520bd44bf54e724c18a2204a212daeb4ca2377ac130e678fa1a4a92388ce26da23a00ec9036f5
- SSDEEP: 12288:7Mrgy90tFmrXolNdGhgl3iWvdyoVAAlkHQ1HHQ:vy8Fo4lNdqC331bHHHQ
Static task: static1
Behavioral task: behavioral1
- Sample: b14ffef19660a57a5ed7626550c55c3307360352c5982f856b22d3f34c534c4d.exe
- Resource: win10v2004-20230221-en
Malware Config
Extracted
- Family: redline
- Botnet: boris
- C2: 193.233.20.32:4125
- auth_value: 766b5bdf6dbefcf7ca223351952fc38f
Extracted
- Family: redline
- Botnet: lida
- C2: 193.233.20.32:4125
- auth_value: 24052aa2e9b85984a98d80cf08623e8d
Targets
- Target: b14ffef19660a57a5ed7626550c55c3307360352c5982f856b22d3f34c534c4d
- Size: 554KB
- MD5: a277829e6445bc8ce3068eed7265fc19
- SHA1: 05d759c6a77d07b86eed4c0ed293b693c486f442
- SHA256: b14ffef19660a57a5ed7626550c55c3307360352c5982f856b22d3f34c534c4d
- SHA512: dac29c261a14bc5c1d5ac900d68ad89b24cd8c1fe655324063d520bd44bf54e724c18a2204a212daeb4ca2377ac130e678fa1a4a92388ce26da23a00ec9036f5
- SSDEEP: 12288:7Mrgy90tFmrXolNdGhgl3iWvdyoVAAlkHQ1HHQ:vy8Fo4lNdqC331bHHHQ
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.