General
-
Target
385503be289fc3e872d874f24223a32f8545ec57214c46fc79e1bc8de57b0360
-
Size
690KB
-
Sample
230328-cr79rage48
-
MD5
fefb69d848d37c54e89ea2a1bb9a4011
-
SHA1
fb517066da28aaafc9eadc2ebcd701510bcffa5b
-
SHA256
385503be289fc3e872d874f24223a32f8545ec57214c46fc79e1bc8de57b0360
-
SHA512
735a136088cd7ec923d921f30b27a888165fbab6df26d0b9c6ce1dea004e667f1a196ae03ce1e0f756f73e73bdcc0ef8604d681ec30c5bb04867345d96193eb5
-
SSDEEP
12288:nMrmy90rGk4tm6s2GCyV65hLuK8NY3cbgtv5vRFN4fig+K4kE/s0p0gi:VyxtUvPIfaKmY8gB5zN4agaygi
Static task
static1
Behavioral task
behavioral1
Sample
385503be289fc3e872d874f24223a32f8545ec57214c46fc79e1bc8de57b0360.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
from
176.113.115.145:4125
-
auth_value
8633e283485822a4a48f0a41d5397566
Targets
-
-
Target
385503be289fc3e872d874f24223a32f8545ec57214c46fc79e1bc8de57b0360
-
Size
690KB
-
MD5
fefb69d848d37c54e89ea2a1bb9a4011
-
SHA1
fb517066da28aaafc9eadc2ebcd701510bcffa5b
-
SHA256
385503be289fc3e872d874f24223a32f8545ec57214c46fc79e1bc8de57b0360
-
SHA512
735a136088cd7ec923d921f30b27a888165fbab6df26d0b9c6ce1dea004e667f1a196ae03ce1e0f756f73e73bdcc0ef8604d681ec30c5bb04867345d96193eb5
-
SSDEEP
12288:nMrmy90rGk4tm6s2GCyV65hLuK8NY3cbgtv5vRFN4fig+K4kE/s0p0gi:VyxtUvPIfaKmY8gB5zN4agaygi
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-