General
- Target: a7ba8432cdf8004c6ed4965a2295602b.exe
- Size: 553KB
- Sample: 230325-n9q9qsce82
- MD5: a7ba8432cdf8004c6ed4965a2295602b
- SHA1: d0614efb61b23057524bfee7f197486f8b84efa0
- SHA256: 4f5e7713069e05f2a897ca86cc822ffd202b6a48abbbdaf11a40c31736a7ef07
- SHA512: 0653cac1ffadff5bb91a0a07120ef80e33c9ee103d63a2f98b0f252d49edd722ba37b79b0391535ed4b36b3fb169583c451fdaa80a3defc06176f31551200e20
- SSDEEP: 12288:mMrqy90hFF6E7MkBZnS0+bwEWnz1m1Rox6cS6crOmuJ46Riw:Qy06sSa1SoxrS6crOmu7
Static task: static1
Behavioral task: behavioral1
  Sample: a7ba8432cdf8004c6ed4965a2295602b.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: a7ba8432cdf8004c6ed4965a2295602b.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
boris
193.233.20.32:4125
- auth_value: 766b5bdf6dbefcf7ca223351952fc38f
Extracted: redline
rotik
193.233.20.32:4125
- auth_value: 74863478ae154e921eb729354d2bb4bd
Targets
- Target: a7ba8432cdf8004c6ed4965a2295602b.exe
- Size: 553KB
- MD5: a7ba8432cdf8004c6ed4965a2295602b
- SHA1: d0614efb61b23057524bfee7f197486f8b84efa0
- SHA256: 4f5e7713069e05f2a897ca86cc822ffd202b6a48abbbdaf11a40c31736a7ef07
- SHA512: 0653cac1ffadff5bb91a0a07120ef80e33c9ee103d63a2f98b0f252d49edd722ba37b79b0391535ed4b36b3fb169583c451fdaa80a3defc06176f31551200e20
- SSDEEP: 12288:mMrqy90hFF6E7MkBZnS0+bwEWnz1m1Rox6cS6crOmuJ46Riw:Qy06sSa1SoxrS6crOmu7
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.