General
Target: 57ac33bab92e0b0face12327d3b8ba0c4908d1b4c9fb5ebd0a1ba34e27c5b706
Size: 700KB
Sample: 230327-2glensff56
MD5: fda146393cb5373714ff0b72fdeae985
SHA1: 60ac54ca79ef39ccfbcb7c8af61f72592e975598
SHA256: 57ac33bab92e0b0face12327d3b8ba0c4908d1b4c9fb5ebd0a1ba34e27c5b706
SHA512: 97e6a4d1ae0cf5da8f69bde6e5fc6a4bfa852dfca96725910d8ece9006a5e89a96000fc560e4850454382db87b622f2e6127b3dbad13b399059cc65ae2a7fab6
SSDEEP: 12288:dMrVy90RglYA3QUlO9D5PcAbWy8F5SQrZ/rf0x0sB5Fh/EeUK0:YydlGUlUbD8zSQ9bGBvh/EvK0
Static task: static1
Behavioral task: behavioral1
Sample: 57ac33bab92e0b0face12327d3b8ba0c4908d1b4c9fb5ebd0a1ba34e27c5b706.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
from
176.113.115.145:4125
auth_value: 8633e283485822a4a48f0a41d5397566
Targets
Target: 57ac33bab92e0b0face12327d3b8ba0c4908d1b4c9fb5ebd0a1ba34e27c5b706
Size: 700KB
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.