General

Target: c0090156b0d8d5354da0ad43c555c9e70006aa0bfb7c8274003eeb2336153692
Size: 690KB
Sample: 230328-bdh72agb52
MD5: 0e311c3ecd949d87fc484b6161d38ac7
SHA1: 6a541dde37b478987c93356385fb4dee910e45be
SHA256: c0090156b0d8d5354da0ad43c555c9e70006aa0bfb7c8274003eeb2336153692
SHA512: 28fb2fb77c2ec1c23063caf3b40b71b173ce1c8246a6bb85c211cca985a4098dee2db7ab642eb0c7114bc02b39db9fac31dabfa4d84e4ec9566eb54ab34450d7
SSDEEP: 12288:/Mr4y90ExaZK1ojDvq7qFPzyw65hLuAmXN4MmHvoF2IfigYjy/h2E7+WL:fy/MLrqMPuPfa3yMmHw2IagPDL

Static task: static1
Behavioral task: behavioral1
Sample: c0090156b0d8d5354da0ad43c555c9e70006aa0bfb7c8274003eeb2336153692.exe
Resource: win10v2004-20230220-en

Malware Config

Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted
Family: redline
Botnet: from
C2: 176.113.115.145:4125
auth_value: 8633e283485822a4a48f0a41d5397566
Targets

Target: c0090156b0d8d5354da0ad43c555c9e70006aa0bfb7c8274003eeb2336153692
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.