General
-
Target
afe1f0f8898a60793ae9a5454623269925548626f4ee59641cd42ee71bdfe85d
-
Size
690KB
-
Sample
230328-b7snkaab9w
-
MD5
7b66fd9705b2ee0038787a207e450e20
-
SHA1
2135de3207ebfe97618c47c6de4576420742f633
-
SHA256
afe1f0f8898a60793ae9a5454623269925548626f4ee59641cd42ee71bdfe85d
-
SHA512
9bf3731856acb4e3c983e865548d360b047c0b4a53c6129c937b9e4b6100cc068477bfaaf4a8b7ac60b324ac6498d541325bdb468bebd69fff972961735270aa
-
SSDEEP
12288:IMrTy90gmgXaz0D+yJ65hLu7sK3huSl0F4NvhFZZfig06NKVFSudft+cZb:Ly0Oazc70faYKxuE08zZZagzHp+b
Static task
static1
Behavioral task
behavioral1
Sample
afe1f0f8898a60793ae9a5454623269925548626f4ee59641cd42ee71bdfe85d.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
from
176.113.115.145:4125
-
auth_value
8633e283485822a4a48f0a41d5397566
Targets
-
-
Target
afe1f0f8898a60793ae9a5454623269925548626f4ee59641cd42ee71bdfe85d
-
Size
690KB
-
MD5
7b66fd9705b2ee0038787a207e450e20
-
SHA1
2135de3207ebfe97618c47c6de4576420742f633
-
SHA256
afe1f0f8898a60793ae9a5454623269925548626f4ee59641cd42ee71bdfe85d
-
SHA512
9bf3731856acb4e3c983e865548d360b047c0b4a53c6129c937b9e4b6100cc068477bfaaf4a8b7ac60b324ac6498d541325bdb468bebd69fff972961735270aa
-
SSDEEP
12288:IMrTy90gmgXaz0D+yJ65hLu7sK3huSl0F4NvhFZZfig06NKVFSudft+cZb:Ly0Oazc70faYKxuE08zZZagzHp+b
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-