General
Target: 17d42baeb0167521ced4f3a0010283f3.bin
Size: 510KB
Sample: 230326-bg5kfagh9v
MD5: a623901f73d04d668e3ed7e1c501b4a2
SHA1: c7d8f237dfc4eee0149368514b1d512934f78cbd
SHA256: b096bb15a1d2958304372ff0d4c56be865b4ba2dbf4d52a1fee3837d59abdc76
SHA512: 621eead831d1626b339b4c96d3723f562bcff658dbc49a4e7bb63be7c16c17201871a603633001e21205290b417ae46ec710d9de0655e923a1f77e66bdec1c71
SSDEEP: 12288:QGOOlcdy3M00vNQ38uhLMgrAxJHhSTJ+wxfqtzO9zyhbBCWHldFaarjI:rOyM0U6nRBAjB04wxuzJhbsWHldF1jI
Static task: static1
Behavioral task: behavioral1
  Sample: 4dd8787a20228e45c582eac16ecde7e6ca03ad78639473d1b091bc3bcfbf5c75.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 4dd8787a20228e45c582eac16ecde7e6ca03ad78639473d1b091bc3bcfbf5c75.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: redline (boris)
  193.233.20.32:4125
  auth_value: 766b5bdf6dbefcf7ca223351952fc38f
Extracted: redline (lida)
  193.233.20.32:4125
  auth_value: 24052aa2e9b85984a98d80cf08623e8d
Targets
Target: 4dd8787a20228e45c582eac16ecde7e6ca03ad78639473d1b091bc3bcfbf5c75.exe
Size: 553KB
MD5: 17d42baeb0167521ced4f3a0010283f3
SHA1: e92bf79d017426dec346ca09b083856cec2b7807
SHA256: 4dd8787a20228e45c582eac16ecde7e6ca03ad78639473d1b091bc3bcfbf5c75
SHA512: 822c5e741c68d9b0cac0d49e6fd6e4fd64d5567a5a60a8932064f455c1172ba0c4123578655218ab72659bd7dfe5c902c9a7aaab4ae3ca4b9d38f665b50549ea
SSDEEP: 12288:7Mrmy90aOW9ZLSiOBF2LcyWold06WMdWto+/4d/zzyCV:tyIW/evBQvWolyM/9dV
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.