General
Target: c95f58413b529c8ba9621d1e8def16d691e1fd037d6cc582d6ffc1155bffc59f
Size: 664KB
Sample: 230328-c1d29sge93
MD5: 7ab8e62888acc2310ce3a8b1e211aac5
SHA1: 20b91286b7a9488d856788d90110e2fad4023ade
SHA256: c95f58413b529c8ba9621d1e8def16d691e1fd037d6cc582d6ffc1155bffc59f
SHA512: c8306d6677a3c418c107acfbff5d19eb53481e08bad1654fcfc38e0357b7c1de3d7591d3c3a76451d6ab54cfdf0c7856feabf542206ee860c8d2a61dc774449f
SSDEEP: 12288:5VaVtadukTDcT7VqrPl/eo2E+4YoOOvpv0V7f40cKkyRluPsyM06u44CexnI:5VCiIfMr9/12EbYo9xUf40cKkyn9yM0a
Static task: static1
Behavioral task: behavioral1
Sample: c95f58413b529c8ba9621d1e8def16d691e1fd037d6cc582d6ffc1155bffc59f.exe
Resource: win10-20230220-en
Malware Config
Extracted: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted: redline
from 176.113.115.145:4125
auth_value: 8633e283485822a4a48f0a41d5397566
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.