General
-
Target
77b345f70904c2a0e72b84d707007138631f63b633d4deac15edfcb630e20763
-
Size
690KB
-
Sample
230328-bfgrzsgb62
-
MD5
68fc6b0656d121268b06b0f09fc424b6
-
SHA1
babd10ea8de31b975276e5261da44ffe3ed4174d
-
SHA256
77b345f70904c2a0e72b84d707007138631f63b633d4deac15edfcb630e20763
-
SHA512
7d621839e39f212f31e5920558dbede87305f51a90b0575c75540d1ab0aabf7849d25bedca7e5273d5ea7df7e0af3519402d62bfec852d8ab41addd83d80ee49
-
SSDEEP
12288:7Mrsy90l5EVwgG7rBGG/jiyk1MK/Xa8OW6aiOvoXFxvAFOvfigGcJlnLKsg:Lyg5HtH4CNEqnaiOg1xYOvagGOJm
Static task
static1
Behavioral task
behavioral1
Sample
77b345f70904c2a0e72b84d707007138631f63b633d4deac15edfcb630e20763.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
from
176.113.115.145:4125
-
auth_value
8633e283485822a4a48f0a41d5397566
Targets
-
-
Target
77b345f70904c2a0e72b84d707007138631f63b633d4deac15edfcb630e20763
-
Size
690KB
-
MD5
68fc6b0656d121268b06b0f09fc424b6
-
SHA1
babd10ea8de31b975276e5261da44ffe3ed4174d
-
SHA256
77b345f70904c2a0e72b84d707007138631f63b633d4deac15edfcb630e20763
-
SHA512
7d621839e39f212f31e5920558dbede87305f51a90b0575c75540d1ab0aabf7849d25bedca7e5273d5ea7df7e0af3519402d62bfec852d8ab41addd83d80ee49
-
SSDEEP
12288:7Mrsy90l5EVwgG7rBGG/jiyk1MK/Xa8OW6aiOvoXFxvAFOvfigGcJlnLKsg:Lyg5HtH4CNEqnaiOg1xYOvagGOJm
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-