General

Target: b25c837592a7b8ba2e17e25d0097ce2ff2f52bf725fe43a8afe64d2fdb8dfdb4
Size: 695KB
Sample: 230327-xvlv5sgh6z
MD5: c95d4d970cda70c280f37991dff60df3
SHA1: aabf35d37e133fe7e72929020d4855c983808230
SHA256: b25c837592a7b8ba2e17e25d0097ce2ff2f52bf725fe43a8afe64d2fdb8dfdb4
SHA512: b98cc261874aa981e3537d3b9cbe7dadc979690b72ed4641acfcd738c16b84288af6b58b0f5de4ccf6d309a5aed50bd770b31d9ecf132dc53017b858dfba0448
SSDEEP: 12288:yMrKy90qlGLsMZrPJh8yRBwNb6poB3FQMylueujsAvPSezhLJJhKtNAc1SHj3tf/:IyhT8F2yY33FQMylueXAyqhFWtNAcQD1
Static task: static1
Behavioral task: behavioral1
Sample: b25c837592a7b8ba2e17e25d0097ce2ff2f52bf725fe43a8afe64d2fdb8dfdb4.exe
Resource: win10v2004-20230220-en
Malware Config

Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted
Family: redline
Botnet: from
C2: 176.113.115.145:4125
auth_value: 8633e283485822a4a48f0a41d5397566
Targets

Target: b25c837592a7b8ba2e17e25d0097ce2ff2f52bf725fe43a8afe64d2fdb8dfdb4
Size: 695KB
(MD5, SHA1, SHA256, SHA512 and SSDEEP are the same values listed under General.)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
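The sample hashes, the C2 address from the extracted config and the Run-key persistence signature above are the report's host- and network-observable indicators. The following Python is an added example, not part of the sandbox report or of any tool it uses, of matching those indicators against Sysmon-style events as a SIEM might flatten them (Event ID 1 process create, 3 network connect, 13 registry value set). The event records are constructed; the field names follow Sysmon, but the host name, paths, SID and Run value name are invented, since the report does not give them.

```python
"""Match Sysmon-style events against the IOCs from this RedLine report.

Added example, not part of the original sandbox report. The records in
SAMPLE_EVENTS are constructed to resemble Sysmon Event ID 1 (process
create), 3 (network connect) and 13 (registry value set) after a SIEM has
flattened them to dicts; field names follow Sysmon, the host name, paths,
SID and Run value name are invented.
"""
import re

# IOCs taken from the report.
SAMPLE_SHA256 = "b25c837592a7b8ba2e17e25d0097ce2ff2f52bf725fe43a8afe64d2fdb8dfdb4"
SAMPLE_MD5 = "c95d4d970cda70c280f37991dff60df3"
C2_HOST = "176.113.115.145"
C2_PORT = 4125

# Run / RunOnce under HKCU (shown by Sysmon as HKU\<SID>\...) or HKLM.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)


def parse_hashes(field):
    """Sysmon's 'Hashes' field is 'MD5=...,SHA256=...,IMPHASH=...'; lower-case the digests."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, digest = part.split("=", 1)
            out[algo.strip().upper()] = digest.strip().lower()
    return out


def check_event(ev):
    """Return a list of (rule, detail) pairs for one event; empty when nothing matches."""
    hits = []
    eid = ev.get("EventID")
    if eid == 1:
        hashes = parse_hashes(ev.get("Hashes", ""))
        if hashes.get("SHA256") == SAMPLE_SHA256 or hashes.get("MD5") == SAMPLE_MD5:
            hits.append(("known_redline_sample", ev.get("Image", "")))
    elif eid == 3:
        port = int(ev.get("DestinationPort", 0))
        if ev.get("DestinationIp") == C2_HOST and port == C2_PORT:
            hits.append(("redline_c2_connect", f"{ev.get('Image', '')} -> {C2_HOST}:{C2_PORT}"))
    elif eid == 13:
        target = ev.get("TargetObject", "")
        if RUN_KEY_RE.search(target):
            hits.append(("run_key_persistence", f"{target} = {ev.get('Details', '')}"))
    return hits


def scan(events):
    """Apply check_event to every record and collect alerts in event order."""
    alerts = []
    for ev in events:
        for rule, detail in check_event(ev):
            alerts.append({"rule": rule, "detail": detail,
                           "Computer": ev.get("Computer"), "UtcTime": ev.get("UtcTime")})
    return alerts


# Constructed events: a benign DNS lookup and a benign registry write are
# mixed in so the rules can be seen to ignore them.
SAMPLE_EVENTS = [
    {"EventID": 1, "Computer": "WS01", "UtcTime": "2023-03-27 16:41:02.113",
     "Image": r"C:\Users\victim\Downloads\setup.exe",
     "Hashes": "MD5=C95D4D970CDA70C280F37991DFF60DF3,"
               "SHA256=B25C837592A7B8BA2E17E25D0097CE2FF2F52BF725FE43A8AFE64D2FDB8DFDB4"},
    {"EventID": 3, "Computer": "WS01", "UtcTime": "2023-03-27 16:41:03.502",
     "Image": r"C:\Users\victim\AppData\Local\Temp\svc.exe",
     "DestinationIp": "8.8.8.8", "DestinationPort": "53"},
    {"EventID": 3, "Computer": "WS01", "UtcTime": "2023-03-27 16:41:04.077",
     "Image": r"C:\Users\victim\AppData\Local\Temp\svc.exe",
     "DestinationIp": "176.113.115.145", "DestinationPort": "4125"},
    {"EventID": 13, "Computer": "WS01", "UtcTime": "2023-03-27 16:41:05.210",
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Office\16.0\Common\LastOpened",
     "Details": "1"},
    {"EventID": 13, "Computer": "WS01", "UtcTime": "2023-03-27 16:41:05.488",
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Run\svc",
     "Details": r"C:\Users\victim\AppData\Local\Temp\svc.exe"},
]


if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(f"{alert['UtcTime']} {alert['Computer']} {alert['rule']}: {alert['detail']}")
```

Running the block prints three alerts for the constructed data (the known sample hash, the connection to 176.113.115.145:4125, and the Run value). The Uninstall-key enumeration described by the last signature is a registry read, which Sysmon does not record (its registry events cover key create/delete, value set and rename), so that behaviour is deliberately not matched here; it needs a sandbox or an EDR with registry-query telemetry.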