General
-
Target
3e2485f1a6f956cb7dc1e325c91e1eeaeaa08b631a38127b2db1cf43b63c2491
-
Size
695KB
-
Sample
230327-xcxvpagg91
-
MD5
06f925f61bf5e76f84d8c64fb92563a9
-
SHA1
4f6dc144d28156d09c50cf05966039ce5c15b309
-
SHA256
3e2485f1a6f956cb7dc1e325c91e1eeaeaa08b631a38127b2db1cf43b63c2491
-
SHA512
a3e5a5341f7ebeba025f624c8fde70e97ece8076181299fefa1b1115a8cba78e19d391cb26e9c51ba0692cedc9fa467864309f9e0858a04ecb999fcdbd057fcd
-
SSDEEP
12288:PMrBy90GSGzdXsfyaqpMifkFDtnfEluPl/K7Oe9VzNDMJNNK7Ksy8FRg5z:ay5JctqpVyxMlel/yOyVN49CLyWu9
Static task
static1
Behavioral task
behavioral1
Sample
3e2485f1a6f956cb7dc1e325c91e1eeaeaa08b631a38127b2db1cf43b63c2491.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
from
176.113.115.145:4125
-
auth_value
8633e283485822a4a48f0a41d5397566
Targets
-
-
Target
3e2485f1a6f956cb7dc1e325c91e1eeaeaa08b631a38127b2db1cf43b63c2491
-
Size
695KB
-
MD5
06f925f61bf5e76f84d8c64fb92563a9
-
SHA1
4f6dc144d28156d09c50cf05966039ce5c15b309
-
SHA256
3e2485f1a6f956cb7dc1e325c91e1eeaeaa08b631a38127b2db1cf43b63c2491
-
SHA512
a3e5a5341f7ebeba025f624c8fde70e97ece8076181299fefa1b1115a8cba78e19d391cb26e9c51ba0692cedc9fa467864309f9e0858a04ecb999fcdbd057fcd
-
SSDEEP
12288:PMrBy90GSGzdXsfyaqpMifkFDtnfEluPl/K7Oe9VzNDMJNNK7Ksy8FRg5z:ay5JctqpVyxMlel/yOyVN49CLyWu9
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-