General
Target: 4beda4d2e8d229fadee52954cd9df273b2f011116c02f187d8829388ce874b67
Size: 689KB
Sample: 230325-afwqgaab47
MD5: f8f769d2a9b7243f44dc43e6ccb66ac8
SHA1: bde46def7936c5468efda9f23a62965163002476
SHA256: 4beda4d2e8d229fadee52954cd9df273b2f011116c02f187d8829388ce874b67
SHA512: 3605365244c7360d71d7ff423a4818f8eb0e113461bbb2892d5a5b5e65c536913ed1116f8f824a418c1968aca0a3f97f3a74dfdcc9bf39bb803c690b9f2f9c67
SSDEEP: 12288:EMriy90Qaebeiuf53LZCzRu2uDV+sI0fMll0b7N4gFRV7597wfu:eyjzuhUzwnkW14ot
Static task: static1
Behavioral task: behavioral1
Sample: 4beda4d2e8d229fadee52954cd9df273b2f011116c02f187d8829388ce874b67.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
boris
193.233.20.32:4125
auth_value: 766b5bdf6dbefcf7ca223351952fc38f
Extracted: redline
lenka
193.233.20.32:4125
auth_value: 8a60e8b2ec79d6a7e92f9feac39b8830
Targets
Target: 4beda4d2e8d229fadee52954cd9df273b2f011116c02f187d8829388ce874b67
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.