General
Target: 9b67dd861c5e7a07c04f486192fb481b70655f4b8194d56f77b4d06dcdfd01ac
Size: 553KB
Sample: 230324-wz7gzage43
MD5: af3024a6f89bacfb8064df9c371c06b8
SHA1: 2497290990388690886f7b5acfc2ca20fde3cdea
SHA256: 9b67dd861c5e7a07c04f486192fb481b70655f4b8194d56f77b4d06dcdfd01ac
SHA512: 92f9885ef28c06cae8f9da754bcd2efdef2be57f3904a9e259d44c9527ae6163feb67306f9be13d13dec464c7928d34ad7d5737742da70ed4534258b1949df4d
SSDEEP: 12288:BMrGy90ilhCidbdHoXADWXhxMdKy3MOJtrL4bzJ:ryllh9dbVKAyxsNbL4J

Static task: static1
Behavioral task: behavioral1
Sample: 9b67dd861c5e7a07c04f486192fb481b70655f4b8194d56f77b4d06dcdfd01ac.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted
redline
boris
193.233.20.32:4125
auth_value: 766b5bdf6dbefcf7ca223351952fc38f
Extracted
redline
lida
193.233.20.32:4125
auth_value: 24052aa2e9b85984a98d80cf08623e8d
Targets
Target: 9b67dd861c5e7a07c04f486192fb481b70655f4b8194d56f77b4d06dcdfd01ac
Size: 553KB
MD5: af3024a6f89bacfb8064df9c371c06b8
SHA1: 2497290990388690886f7b5acfc2ca20fde3cdea
SHA256: 9b67dd861c5e7a07c04f486192fb481b70655f4b8194d56f77b4d06dcdfd01ac
SHA512: 92f9885ef28c06cae8f9da754bcd2efdef2be57f3904a9e259d44c9527ae6163feb67306f9be13d13dec464c7928d34ad7d5737742da70ed4534258b1949df4d
SSDEEP: 12288:BMrGy90ilhCidbdHoXADWXhxMdKy3MOJtrL4bzJ:ryllh9dbVKAyxsNbL4J

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.