General
Target: 2aff4453a4adc3045c82f27ca14aa949.bin
Size: 593KB
Sample: 230327-ble6cach2z
MD5: 91bc0ed47a46f6f8022227b4cc389985
SHA1: 2d2ccc6326d3c669c9dee6fd57877260258bdfd4
SHA256: 30c6052817eb5a0fb5965184bc3b3d87453d11a4bbf969ee1fa6f9b663dde9e6
SHA512: e1cc192886c54f6894626dd665f8f44f4bb2b1cdb8408a2a5ed9f5cf092eaa4cc182abe45207c18446db31eb0930569870bec4ef49ce99fc132ca6447a9ad6ab
SSDEEP: 12288:wTya42SejZt6j3Q3xa4MNEs07JNGAh6t/TyCrwwMvQBE5KRU+3znR77Ivj6JYc9n:psvMNz+Gj5TyDn50UCIvj0hn

Static task: static1

Behavioral task: behavioral1
Sample: 5d3fe2efdc09a6c2ca7a7d0a9f7834b82fb1790686d8ef2300cc33f1393b3d69.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: 5d3fe2efdc09a6c2ca7a7d0a9f7834b82fb1790686d8ef2300cc33f1393b3d69.exe
Resource: win10v2004-20230220-en

Malware Config
Extracted: redline
  down
  193.233.20.31:4125
  auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted: redline
  real
  193.233.20.31:4125
  auth_value: bb22a50228754849387d5f4d1611e71b

Targets
Target: 5d3fe2efdc09a6c2ca7a7d0a9f7834b82fb1790686d8ef2300cc33f1393b3d69.exe
Size: 679KB
MD5: 2aff4453a4adc3045c82f27ca14aa949
SHA1: 24dcb1e2adc24cfb17a8f744dc194fbb0d154afb
SHA256: 5d3fe2efdc09a6c2ca7a7d0a9f7834b82fb1790686d8ef2300cc33f1393b3d69
SHA512: b39c9677fa4eade115dfc157a902080c1d651da1c8fea7cb5cc3d96b515c145996da0545e9684e036427a5f5790839b67b74dac345367204c0369afb587d293c
SSDEEP: 12288:VHmxMy2FxQAVSh5ahZXhrlX4BAQitxjN7ThRsWTt:pbLFxQAk5wzhQitnsE

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures
RedLine payload
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.