General
Target: 3d5f2336caf9a81a843418d9819a5c2a.bin
Size: 596KB
Sample: 230329-bkz45afh41
MD5: acb697456e6bd4d99a9dd500b09aea6b
SHA1: 557e5a6ba2d5f2f417aabab34fab690d89c0a54a
SHA256: 797c7a18f33f9b8d701ec46a6cb5ef3ed4ba0406a31664624a03da8a3c256360
SHA512: 34357f3560d167007d40781061446614f99014d7774bc0ba3b536f541bf7edc218c99fac2ecb230917ff73fe3187d507fb197f4924557d1e2ffe9745ff76a306
SSDEEP: 12288:5PCF6XB4MJEquod5D6QeMg8e2jzUducnBUXvnrFpnzJ0MC:EFdMGquod5D5e3Kan2BNzJzC
Static task: static1

Behavioral task: behavioral1
  Sample: 2fea6af2b1d327967a46c3228132be457cfc6d670b7e2bbd50d546d844fc77c1.exe
  Resource: win7-20230220-en

Behavioral task: behavioral2
  Sample: 2fea6af2b1d327967a46c3228132be457cfc6d670b7e2bbd50d546d844fc77c1.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
  sony
  193.233.20.33:4125
  auth_value: 1d93d1744381eeb4fcfd7c23ffe0f0b4

Extracted: redline
  nice
  193.233.20.33:4125
  auth_value: a7371b75699e8bc7c51fb960e8ac9e81
Targets
Target: 2fea6af2b1d327967a46c3228132be457cfc6d670b7e2bbd50d546d844fc77c1.exe
Size: 682KB
MD5: 3d5f2336caf9a81a843418d9819a5c2a
SHA1: 1124f2066f99f835735be52492e0d5716dc25445
SHA256: 2fea6af2b1d327967a46c3228132be457cfc6d670b7e2bbd50d546d844fc77c1
SHA512: 8b1c93f431ee122237536449474abfb3a51f1a715467d125262b9aaafd7d5f5e69ef53e96a8dfa1267b65faeb02609414db585b9f299626f9d4dcef37932f6c8
SSDEEP: 12288:8K7KRc/2qg5H3fNrHqZ99foYUtoBsaUleNc8EfSzAON8ymWJtMsOYyBu:PmI2tH3fBHqZnfoYUt4rUleNECGy54bB

- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.