General
Target: d31dde8060e78327bb63d2ea13d478461e93c7c16ae1547ffe307fa17d3e133b
Size: 553KB
Sample: 230324-vyqmdsab8x
MD5: 163e4d9d1dc573fb7643972492631e2a
SHA1: 2f7d09f3969922bb08676ace3960414629d184f8
SHA256: d31dde8060e78327bb63d2ea13d478461e93c7c16ae1547ffe307fa17d3e133b
SHA512: 5fa3fabb251e2dd4b419248a75e6eb6865c6b02a34c64c7560c0adb5ccc1a9c2b8fafdfd99538aee5ccc56792fa7f757273745282395f113a1c33ea20fd53c0a
SSDEEP: 12288:/MrSy90RtK+gFN0qmjX+s0R4WSdWqogw1fa8GnSEU:pyStwrjs4YsjfaY
Static task: static1
Behavioral task: behavioral1
Sample: d31dde8060e78327bb63d2ea13d478461e93c7c16ae1547ffe307fa17d3e133b.exe
Resource: win10-20230220-en
Malware Config
Extracted: redline
Botnet: boris
C2: 193.233.20.32:4125
auth_value: 766b5bdf6dbefcf7ca223351952fc38f
Extracted: redline
Botnet: lida
C2: 193.233.20.32:4125
auth_value: 24052aa2e9b85984a98d80cf08623e8d
Targets
Target: d31dde8060e78327bb63d2ea13d478461e93c7c16ae1547ffe307fa17d3e133b
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.