General
-
Target
787f237765d692e18d27f764618cde4bca2b01e80b7d5d228285cdbb5541d88c
-
Size
554KB
-
Sample
230324-zy9gqabe6s
-
MD5
3387524a6425912544616f7ecc770f0b
-
SHA1
bd6aa5c0f2024f4df37d4dd13665574421544c30
-
SHA256
787f237765d692e18d27f764618cde4bca2b01e80b7d5d228285cdbb5541d88c
-
SHA512
5a2b519ae75493dedcd2261aec1946c0e654b634abaa9fc8acac9ac0a3aa293abf882b25616a52bf0f6dc55cc782e5bbaec37dec27ea51fb6359e8f66d0a5485
-
SSDEEP
12288:QMrky90R3PYqgFnUxXRazGFRmN2oGfhOxh:kyAAqgxUJVnToGfhOxh
Static task
static1
Behavioral task
behavioral1
Sample
787f237765d692e18d27f764618cde4bca2b01e80b7d5d228285cdbb5541d88c.exe
Resource
win10-20230220-en
Malware Config
Extracted
redline
boris
193.233.20.32:4125
-
auth_value
766b5bdf6dbefcf7ca223351952fc38f
Extracted
redline
lida
193.233.20.32:4125
-
auth_value
24052aa2e9b85984a98d80cf08623e8d
Targets
-
-
Target
787f237765d692e18d27f764618cde4bca2b01e80b7d5d228285cdbb5541d88c
-
Size
554KB
-
MD5
3387524a6425912544616f7ecc770f0b
-
SHA1
bd6aa5c0f2024f4df37d4dd13665574421544c30
-
SHA256
787f237765d692e18d27f764618cde4bca2b01e80b7d5d228285cdbb5541d88c
-
SHA512
5a2b519ae75493dedcd2261aec1946c0e654b634abaa9fc8acac9ac0a3aa293abf882b25616a52bf0f6dc55cc782e5bbaec37dec27ea51fb6359e8f66d0a5485
-
SSDEEP
12288:QMrky90R3PYqgFnUxXRazGFRmN2oGfhOxh:kyAAqgxUJVnToGfhOxh
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-