General
-
Target
ab280d89926fb13c73ca6fc90650db6de127d90b0f5a40db8a039f2ef2b9c684
-
Size
688KB
-
Sample
230328-bxad8sab4t
-
MD5
a9a7647ad88eaee2c3d3486d45c9b980
-
SHA1
a9425800c267d54d0ed7ec812994fa98613757e2
-
SHA256
ab280d89926fb13c73ca6fc90650db6de127d90b0f5a40db8a039f2ef2b9c684
-
SHA512
c4a79e85e4414298fba9ee09289721f04efbd5ee34a6b4ad2a6dd617d189dd2cda10f659faa656d8ad11df70b162ec441fc7495563c34e7710315cbc3bd44eef
-
SSDEEP
12288:PMrgy90LiZYh02pFAyS65hLuydOK33uSvYNpSlOwumJev4F4pfigJWXCZ1K/9KE:7yeRBfayQKnuqioMFmJeg4pagJA+W3
Static task
static1
Behavioral task
behavioral1
Sample
ab280d89926fb13c73ca6fc90650db6de127d90b0f5a40db8a039f2ef2b9c684.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
from
176.113.115.145:4125
-
auth_value
8633e283485822a4a48f0a41d5397566
Targets
-
-
Target
ab280d89926fb13c73ca6fc90650db6de127d90b0f5a40db8a039f2ef2b9c684
-
Size
688KB
-
MD5
a9a7647ad88eaee2c3d3486d45c9b980
-
SHA1
a9425800c267d54d0ed7ec812994fa98613757e2
-
SHA256
ab280d89926fb13c73ca6fc90650db6de127d90b0f5a40db8a039f2ef2b9c684
-
SHA512
c4a79e85e4414298fba9ee09289721f04efbd5ee34a6b4ad2a6dd617d189dd2cda10f659faa656d8ad11df70b162ec441fc7495563c34e7710315cbc3bd44eef
-
SSDEEP
12288:PMrgy90LiZYh02pFAyS65hLuydOK33uSvYNpSlOwumJev4F4pfigJWXCZ1K/9KE:7yeRBfayQKnuqioMFmJeg4pagJA+W3
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-