General
-
Target
3af618156916d3693b544fa79dea5eba584ee7766516f0f78893e0c50ba28694
-
Size
553KB
-
Sample
230324-vpdapsff55
-
MD5
f464071aca58a07ec79020477ca72a2a
-
SHA1
64af965a1f4e1656e2957b818b4728c206beae79
-
SHA256
3af618156916d3693b544fa79dea5eba584ee7766516f0f78893e0c50ba28694
-
SHA512
bb0019cedca189ef5ce5bbdf34c093159842125bd19aa7eca69f6e5f0d5e4c8978cedd4be169ca932b62a51f34f1aafa09aa2073234269e0c5b21c6f7b43c982
-
SSDEEP
12288:lMrQy90wpL9ziC3t4rqHa9wVuWjdWIoSLrAfj+JulG:ZyJpLUNrAMsH0SLR5
Static task
static1
Behavioral task
behavioral1
Sample
3af618156916d3693b544fa79dea5eba584ee7766516f0f78893e0c50ba28694.exe
Resource
win10-20230220-en
Malware Config
Extracted
redline
boris
193.233.20.32:4125
-
auth_value
766b5bdf6dbefcf7ca223351952fc38f
Extracted
redline
lida
193.233.20.32:4125
-
auth_value
24052aa2e9b85984a98d80cf08623e8d
Targets
-
-
Target
3af618156916d3693b544fa79dea5eba584ee7766516f0f78893e0c50ba28694
-
Size
553KB
-
MD5
f464071aca58a07ec79020477ca72a2a
-
SHA1
64af965a1f4e1656e2957b818b4728c206beae79
-
SHA256
3af618156916d3693b544fa79dea5eba584ee7766516f0f78893e0c50ba28694
-
SHA512
bb0019cedca189ef5ce5bbdf34c093159842125bd19aa7eca69f6e5f0d5e4c8978cedd4be169ca932b62a51f34f1aafa09aa2073234269e0c5b21c6f7b43c982
-
SSDEEP
12288:lMrQy90wpL9ziC3t4rqHa9wVuWjdWIoSLrAfj+JulG:ZyJpLUNrAMsH0SLR5
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-