General
-
Target
dd0c7e97e325c16559776c821df9ba6dbcd926e94f112a098903b787f0b889e1
-
Size
685KB
-
Sample
230327-sxtasagb6s
-
MD5
2099b0cbff7871ad9f2f50e3987794f6
-
SHA1
bd61b3898e1a42f7227a442e3cb7e939b124f045
-
SHA256
dd0c7e97e325c16559776c821df9ba6dbcd926e94f112a098903b787f0b889e1
-
SHA512
acb6d339e04e2580fb99d6a73b54115456b791e9ae5493a6262c2b54865d9a81adc3d85bb51f452e17dce4a872d63ad68399a982ad3b2adde1e1f0050aae22ee
-
SSDEEP
12288:+Mr2y9068efCXyIDO6aS1qJxkiY/qsXmQLYB77qEBSCHE6ytxPP9J:EyNvmgIqWNdMF7BgCHE6ytxP1J
Static task
static1
Behavioral task
behavioral1
Sample
dd0c7e97e325c16559776c821df9ba6dbcd926e94f112a098903b787f0b889e1.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
sony
193.233.20.33:4125
-
auth_value
1d93d1744381eeb4fcfd7c23ffe0f0b4
Extracted
redline
nice
193.233.20.33:4125
-
auth_value
a7371b75699e8bc7c51fb960e8ac9e81
Targets
-
-
Target
dd0c7e97e325c16559776c821df9ba6dbcd926e94f112a098903b787f0b889e1
-
Size
685KB
-
MD5
2099b0cbff7871ad9f2f50e3987794f6
-
SHA1
bd61b3898e1a42f7227a442e3cb7e939b124f045
-
SHA256
dd0c7e97e325c16559776c821df9ba6dbcd926e94f112a098903b787f0b889e1
-
SHA512
acb6d339e04e2580fb99d6a73b54115456b791e9ae5493a6262c2b54865d9a81adc3d85bb51f452e17dce4a872d63ad68399a982ad3b2adde1e1f0050aae22ee
-
SSDEEP
12288:+Mr2y9068efCXyIDO6aS1qJxkiY/qsXmQLYB77qEBSCHE6ytxPP9J:EyNvmgIqWNdMF7BgCHE6ytxP1J
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-