General
Target: 17d42baeb0167521ced4f3a0010283f3.exe
Size: 553KB
Sample: 230324-w9f3rsag2x
MD5: 17d42baeb0167521ced4f3a0010283f3
SHA1: e92bf79d017426dec346ca09b083856cec2b7807
SHA256: 4dd8787a20228e45c582eac16ecde7e6ca03ad78639473d1b091bc3bcfbf5c75
SHA512: 822c5e741c68d9b0cac0d49e6fd6e4fd64d5567a5a60a8932064f455c1172ba0c4123578655218ab72659bd7dfe5c902c9a7aaab4ae3ca4b9d38f665b50549ea
SSDEEP: 12288:7Mrmy90aOW9ZLSiOBF2LcyWold06WMdWto+/4d/zzyCV:tyIW/evBQvWolyM/9dV
Static task: static1
Behavioral task: behavioral1
  Sample: 17d42baeb0167521ced4f3a0010283f3.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 17d42baeb0167521ced4f3a0010283f3.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: redline (boris)
  C2: 193.233.20.32:4125
  auth_value: 766b5bdf6dbefcf7ca223351952fc38f
Extracted: redline (lida)
  C2: 193.233.20.32:4125
  auth_value: 24052aa2e9b85984a98d80cf08623e8d
Targets
Target: 17d42baeb0167521ced4f3a0010283f3.exe
Size: 553KB
MD5: 17d42baeb0167521ced4f3a0010283f3
SHA1: e92bf79d017426dec346ca09b083856cec2b7807
SHA256: 4dd8787a20228e45c582eac16ecde7e6ca03ad78639473d1b091bc3bcfbf5c75
SHA512: 822c5e741c68d9b0cac0d49e6fd6e4fd64d5567a5a60a8932064f455c1172ba0c4123578655218ab72659bd7dfe5c902c9a7aaab4ae3ca4b9d38f665b50549ea
SSDEEP: 12288:7Mrmy90aOW9ZLSiOBF2LcyWold06WMdWto+/4d/zzyCV:tyIW/evBQvWolyM/9dV

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.