General
Target: b1a490836c4ff5c8ac87de97b02de6a05e42cf4174671707e963e6b4c572a0cf
Size: 1.0MB
Sample: 230325-q3ptfach68
MD5: e313d4fa991945eb74b1fe4d7ca0832a
SHA1: 1dbcc3804cd4eab28f14a9163e5cd58f127ed013
SHA256: b1a490836c4ff5c8ac87de97b02de6a05e42cf4174671707e963e6b4c572a0cf
SHA512: 063e3b402369a3986cf8cd0071e2c98e55d397889c45d179c9a7d060ac5db311769a9ed471d2d08b59b5378b879c3a817e92e3099653ee6dd2d1282ef5636ef7
SSDEEP: 24576:tyzK6tqq7CQQuJ9DOoZTb+gRmRKh6moiUanj:IIoCQt7fZefRKh6moiU
Static task: static1
Behavioral task: behavioral1
Sample: b1a490836c4ff5c8ac87de97b02de6a05e42cf4174671707e963e6b4c572a0cf.exe
Resource: win10-20230220-en
Malware Config
Extracted: redline
  boris
  193.233.20.32:4125
  auth_value: 766b5bdf6dbefcf7ca223351952fc38f
Extracted: redline
  rotik
  193.233.20.32:4125
  auth_value: 74863478ae154e921eb729354d2bb4bd
Extracted: amadey
  3.68
  62.204.41.87/joomla/index.php
Extracted: redline
  @REDLINEVIPCHAT Cloud (TG: @FATHEROFCARDERS)
  151.80.89.234:19388
  auth_value: 56af49c3278d982f9a41ef2abb7c4d09
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.