General
- Target: dfaebbaaebaedec.exe
- Size: 480KB
- Sample: 250630-tfnjmssrw2
- MD5: 7c5490c346d9bdc918ea16efdccad257
- SHA1: cbd673d366f5f5dc7bdb8327691d1acb8b147349
- SHA256: 2ec91258dd18a298cb4e7cf2c13af556296b7c63d2a67b59ffecf61af88a31a9
- SHA512: c317423c46941b3d933b6bb6363aac0fb54ec9fc62f615698ec0717c47bceb6d3d99efd230308f8adc0bb75c2c6c33a08c0792935e80ba8cb1eabe207884a2e6
- SSDEEP: 12288:XdqT7v2AuDoE2PlipXqfxuZxKZ+Zj5A4Y+L4:XdqT7v29oE2PwhgxV+Lsy4
Static task: static1
Behavioral task: behavioral1 (Sample: dfaebbaaebaedec.exe, Resource: win10v2004-20250619-en)
Behavioral task: behavioral2 (Sample: dfaebbaaebaedec.exe, Resource: win11-20250619-en)
Malware Config
Extracted: redline
vv
185.156.72.89:1912
Targets
- Target: dfaebbaaebaedec.exe
- Size: 480KB
- MD5: 7c5490c346d9bdc918ea16efdccad257
- SHA1: cbd673d366f5f5dc7bdb8327691d1acb8b147349
- SHA256: 2ec91258dd18a298cb4e7cf2c13af556296b7c63d2a67b59ffecf61af88a31a9
- SHA512: c317423c46941b3d933b6bb6363aac0fb54ec9fc62f615698ec0717c47bceb6d3d99efd230308f8adc0bb75c2c6c33a08c0792935e80ba8cb1eabe207884a2e6
- SSDEEP: 12288:XdqT7v2AuDoE2PlipXqfxuZxKZ+Zj5A4Y+L4:XdqT7v29oE2PwhgxV+Lsy4
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
MITRE ATT&CK Enterprise v16
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (2)
  - Credentials In Files (2)