General
  Target: dbda5c0fb7dc2b929baee3fad30e7939653e51245128977d179c9707bda00dc4
  Size: 690KB
  Sample: 230328-d49h1sgg65
  MD5: f7c7d32fd41a4863efa4d280e39d1a9c
  SHA1: 589a78e0b1c921db8f28355ec9f2a6413981e9ed
  SHA256: dbda5c0fb7dc2b929baee3fad30e7939653e51245128977d179c9707bda00dc4
  SHA512: a3f72ebbd09dcb438af2272d0e0e85600288f1f8fe5fd4eeb6a2ba6964cae41faafbde272c3716cc4fdb958ed4b177c19f0d0259b6cd265b8830e6605a0c87e3
  SSDEEP: 12288:LMriy90EtUVQub2qcepCuPQy565hLuBaG4gNZF6BQEvvFFSHfigbJEKJaLd++rgI:FyN6VQub2PepphEfaoYZF6BQIHSHagNa
Static task: static1
Behavioral task: behavioral1
  Sample: dbda5c0fb7dc2b929baee3fad30e7939653e51245128977d179c9707bda00dc4.exe
  Resource: win10v2004-20230220-en
Malware Config
  Extracted
    redline
    rosn
    176.113.115.145:4125
    auth_value: 050a19e1db4d0024b0f23b37dcf961f4
  Extracted
    redline
    from
    176.113.115.145:4125
    auth_value: 8633e283485822a4a48f0a41d5397566
Targets
  Target: dbda5c0fb7dc2b929baee3fad30e7939653e51245128977d179c9707bda00dc4
  Size: 690KB
  MD5: f7c7d32fd41a4863efa4d280e39d1a9c
  SHA1: 589a78e0b1c921db8f28355ec9f2a6413981e9ed
  SHA256: dbda5c0fb7dc2b929baee3fad30e7939653e51245128977d179c9707bda00dc4
  SHA512: a3f72ebbd09dcb438af2272d0e0e85600288f1f8fe5fd4eeb6a2ba6964cae41faafbde272c3716cc4fdb958ed4b177c19f0d0259b6cd265b8830e6605a0c87e3
  SSDEEP: 12288:LMriy90EtUVQub2qcepCuPQy565hLuBaG4gNZF6BQEvvFFSHfigbJEKJaLd++rgI:FyN6VQub2PepphEfaoYZF6BQIHSHagNa

  RedLine
    RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  RedLine payload
  Executes dropped EXE
  Accesses cryptocurrency files/wallets, possible credential harvesting
  Adds Run key to start application
  Checks installed software on the system
    Looks up Uninstall key entries in the registry to enumerate software on the system.