General
Target: afeb3347b6a0e8ad3d0cdd2507dcacae3d568211a0968def7512e78908a95a9a
Size: 553KB
Sample: 230324-wfzysaad9y
MD5: 6a5d07f58f1c154a2560c8e9b5e4649b
SHA1: 3cc616c5505b835df29ed55131bb844f4f773862
SHA256: afeb3347b6a0e8ad3d0cdd2507dcacae3d568211a0968def7512e78908a95a9a
SHA512: 2ec5873628d76d7e4e82f37f5c641f833db8a6eff28137b54982cc1954bf7f8f39e08d94a539144c35f07e616b144cb43d58e43351130577640bd03311629109
SSDEEP: 12288:UMr+y90s8V4XnJJd1WNCPXWrhKy2yJsocTNW3cN:SyxrrWNCWDcTNT
Static task: static1
Behavioral task: behavioral1
Sample: afeb3347b6a0e8ad3d0cdd2507dcacae3d568211a0968def7512e78908a95a9a.exe
Resource: win10-20230220-en
Malware Config
Extracted: redline (boris)
C2: 193.233.20.32:4125
auth_value: 766b5bdf6dbefcf7ca223351952fc38f

Extracted: redline (lida)
C2: 193.233.20.32:4125
auth_value: 24052aa2e9b85984a98d80cf08623e8d
Targets
Target: afeb3347b6a0e8ad3d0cdd2507dcacae3d568211a0968def7512e78908a95a9a
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.