General
-
Target
856fc10fc4ffc2d24670e1d06998b7647c7739df7421285a53f46f227a1b2d93
-
Size
685KB
-
Sample
230327-rllwwsdg76
-
MD5
18fa5994fe0a4e1b5ecadf4339035bcd
-
SHA1
30092438ffb30146d244f6ad8d95c9e1319664f8
-
SHA256
856fc10fc4ffc2d24670e1d06998b7647c7739df7421285a53f46f227a1b2d93
-
SHA512
4e666583b32c3a310a4efe02ba882cb3e9f638ee6452b572ba2e71154ad737132b5d3fe37b6ad1d9dfeb62976e352ab2f07bdf4866be9887327ec2f7b337bd95
-
SSDEEP
12288:/Mrwy90T/w5bEl1X5RJSkPKyz0GmfqwwvvwUBKYiEnVBZ8UN:DyM/JVRrKy7mfqLXYYiEvZBN
Static task
static1
Behavioral task
behavioral1
Sample
856fc10fc4ffc2d24670e1d06998b7647c7739df7421285a53f46f227a1b2d93.exe
Resource
win10-20230220-en
Malware Config
Extracted
redline
sony
193.233.20.33:4125
-
auth_value
1d93d1744381eeb4fcfd7c23ffe0f0b4
Extracted
redline
nice
193.233.20.33:4125
-
auth_value
a7371b75699e8bc7c51fb960e8ac9e81
Targets
-
-
Target
856fc10fc4ffc2d24670e1d06998b7647c7739df7421285a53f46f227a1b2d93
-
Size
685KB
-
MD5
18fa5994fe0a4e1b5ecadf4339035bcd
-
SHA1
30092438ffb30146d244f6ad8d95c9e1319664f8
-
SHA256
856fc10fc4ffc2d24670e1d06998b7647c7739df7421285a53f46f227a1b2d93
-
SHA512
4e666583b32c3a310a4efe02ba882cb3e9f638ee6452b572ba2e71154ad737132b5d3fe37b6ad1d9dfeb62976e352ab2f07bdf4866be9887327ec2f7b337bd95
-
SSDEEP
12288:/Mrwy90T/w5bEl1X5RJSkPKyz0GmfqwwvvwUBKYiEnVBZ8UN:DyM/JVRrKy7mfqLXYYiEvZBN
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-