General
Target: b1cb7cbd1ce5e480d7d72826fe849297.bin
Size: 643KB
Sample: 230328-cm1zwaac7z
MD5: dcb0b8cf1c425ab6536b90ea8d64e8e8
SHA1: b349c7f00ddcbcc7dd0465fb671f93c1d9ac96d1
SHA256: b0f45585081bf29139f552b5ba43bc008587d6e86106b2f108108c4da9e46477
SHA512: f3d0f931aba248c40e0163dd0bc8440f0234e652b08fba862e3ef0d8d4654a1e0d78c08b2f1df1f5098d394f26d54d0d54808fab30e14832d6e8eca56c59268a
SSDEEP: 12288:3VsnKbnmHX14rGlULSD5dQz0bewPvAiq1lQVFLMyRgNr8jh7xX23lCZeD3kO:FMqmHerGG8429AJ1lQVVZgNgf21CZwB

Static task: static1

Behavioral task: behavioral1
Sample: cb2a011220c6050942b327244c7b3df1b0652c9cf1c18b64f71d2b08b654e6c8.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: cb2a011220c6050942b327244c7b3df1b0652c9cf1c18b64f71d2b08b654e6c8.exe
Resource: win10v2004-20230220-en
Malware Config

Extracted
Family: redline
Botnet: sony
C2: 193.233.20.33:4125
auth_value: 1d93d1744381eeb4fcfd7c23ffe0f0b4

Extracted
Family: redline
Botnet: dent
C2: 193.233.20.33:4125
auth_value: e795368557f02e28e8aef6bcb279a3b0

Both extracted configurations point at the same C2 endpoint (193.233.20.33, TCP port 4125) and differ only in the botnet tag and auth_value, so a single network indicator covers both.
Targets

Target: cb2a011220c6050942b327244c7b3df1b0652c9cf1c18b64f71d2b08b654e6c8.exe
Size: 686KB
MD5: b1cb7cbd1ce5e480d7d72826fe849297
SHA1: d5e7ba459dbe4d664e4afa7c21803514601d914f
SHA256: cb2a011220c6050942b327244c7b3df1b0652c9cf1c18b64f71d2b08b654e6c8
SHA512: 4c04df9437fbdea87136926267a6b929051c5e6bb96fe357bf97ac1f2e4dd6dcfb074f62a3d39739c2c41c439c1ed1e081733827c828360b2d99fa48a74e416f
SSDEEP: 12288:zMrly90AIqgN2yYHCDcTtkbt3OZHSnDLx8EAMQ5KOe1GovkgBQ8znbj:iyrlWTYUteTpYr1GovQ8Xj

Note that the submitted file listed under General (b1cb7cbd1ce5e480d7d72826fe849297.bin, 643KB) and this analyzed target (686KB) have different hashes; the .bin is named after the target's MD5 but is not the same file, so do not mix the two hash sets when pivoting on indicators.

Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
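The extracted RedLine configuration and the file hashes above are only useful once they are turned into something checkable. The following is an added example, not part of the sandbox report or of RedLine itself: it takes the two configs (same C2, two botnet tags) and the MD5/SHA-1/SHA-256 values from the report, folds the duplicate C2 into one Suricata rule, and matches a file's digests against the report. The function names, the rule SIDs and the `flow:to_server` choice are this example's own assumptions; the indicator values are copied verbatim from the report.

```python
"""Turn the report's extracted RedLine config and hashes into checkable indicators.

Added example. Indicator values are copied from the sandbox report above;
function names, SIDs and rule options are this example's own assumptions.
"""
from __future__ import annotations

import hashlib
from typing import Optional

# The two extracted RedLine configs as listed in the report.
REPORT_CONFIGS = [
    {"family": "redline", "botnet": "sony", "c2": "193.233.20.33:4125",
     "auth_value": "1d93d1744381eeb4fcfd7c23ffe0f0b4"},
    {"family": "redline", "botnet": "dent", "c2": "193.233.20.33:4125",
     "auth_value": "e795368557f02e28e8aef6bcb279a3b0"},
]

# Digests of the two files the report names: the submitted .bin and the analyzed .exe.
REPORT_HASHES = {
    "b1cb7cbd1ce5e480d7d72826fe849297.bin": {
        "md5": "dcb0b8cf1c425ab6536b90ea8d64e8e8",
        "sha1": "b349c7f00ddcbcc7dd0465fb671f93c1d9ac96d1",
        "sha256": "b0f45585081bf29139f552b5ba43bc008587d6e86106b2f108108c4da9e46477",
    },
    "cb2a011220c6050942b327244c7b3df1b0652c9cf1c18b64f71d2b08b654e6c8.exe": {
        "md5": "b1cb7cbd1ce5e480d7d72826fe849297",
        "sha1": "d5e7ba459dbe4d664e4afa7c21803514601d914f",
        "sha256": "cb2a011220c6050942b327244c7b3df1b0652c9cf1c18b64f71d2b08b654e6c8",
    },
}


def parse_c2(c2: str) -> tuple[str, int]:
    """Split a 'host:port' C2 string and validate the port; ValueError on bad input."""
    host, sep, port = c2.rpartition(":")
    if not sep or not host:
        raise ValueError(f"no host:port separator in {c2!r}")
    port_num = int(port)
    if not 0 < port_num < 65536:
        raise ValueError(f"port out of range in {c2!r}")
    return host, port_num


def suricata_rules(configs: list[dict], base_sid: int = 1000001) -> list[str]:
    """One Suricata alert per distinct C2 endpoint; botnet tags are folded into msg.

    The report's two configs share one endpoint, so they yield a single rule.
    """
    by_endpoint: dict[tuple[str, int], list[str]] = {}
    for cfg in configs:
        by_endpoint.setdefault(parse_c2(cfg["c2"]), []).append(cfg["botnet"])
    rules = []
    for sid, ((host, port), botnets) in enumerate(sorted(by_endpoint.items()), base_sid):
        msg = f"RedLine C2 {host}:{port} (botnet {'/'.join(sorted(botnets))})"
        rules.append(
            f"alert tcp $HOME_NET any -> {host} {port} "
            f'(msg:"{msg}"; flow:to_server; sid:{sid}; rev:1;)'
        )
    return rules


def hash_bytes(data: bytes) -> dict[str, str]:
    """MD5, SHA-1 and SHA-256 of a blob, the same digests the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def match_report(hashes: dict[str, str]) -> Optional[str]:
    """Return the report filename whose SHA-256 matches, else None.

    Matching is done on SHA-256 rather than MD5 because MD5 collisions are practical.
    """
    for name, known in REPORT_HASHES.items():
        if hashes.get("sha256", "").lower() == known["sha256"]:
            return name
    return None


if __name__ == "__main__":
    for rule in suricata_rules(REPORT_CONFIGS):
        print(rule)
    # Hash a real sample with hash_bytes(open(path, "rb").read()) and match_report().
    print(match_report(hash_bytes(b"")))
```

Running the script prints one rule for 193.233.20.33:4125 tagged with both botnet names; to check a file on disk, feed its bytes to `hash_bytes` and pass the result to `match_report`, which tells you whether it is the submitted .bin or the analyzed .exe rather than treating the two as interchangeable.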