General
- Target: e7f602c0768d84a897ccf1ec16918b97d86ff772e36e4cc094f6340bbd8ad92b
- Size: 689KB
- Sample: 230328-bhzqksaa5w
- MD5: b99d2d2c45c84cc3753989d8b6b0814a
- SHA1: 337c5b310c7d39701c441243c3fb6e592d4bc09a
- SHA256: e7f602c0768d84a897ccf1ec16918b97d86ff772e36e4cc094f6340bbd8ad92b
- SHA512: c39744679ae21413ada5f79bca0bf435b231d9b9bf140ac05e72d4a8d7bc76523e04b27616c3753ad9adb38196ab7af91f8386aa58a9989e04ed815a8b7a1905
- SSDEEP: 12288:EMrcy90YzSGQMFR7GjR/FzcKntoyY65hLuVwzoag8JMBJ+OgmJ2v+FEjfigYEd3O:wytlHocKtpXfa6g8J4g/mJ26EjagYEde
Tasks
- Static task: static1
- Behavioral task: behavioral1
- Sample: e7f602c0768d84a897ccf1ec16918b97d86ff772e36e4cc094f6340bbd8ad92b.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted
- redline
- rosn
- 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
- redline
- from
- 176.113.115.145:4125
- auth_value: 8633e283485822a4a48f0a41d5397566
Targets
- Target: e7f602c0768d84a897ccf1ec16918b97d86ff772e36e4cc094f6340bbd8ad92b
Signatures
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.