General
Target: c0d202bfcdcd8721f6ca79d5ca13d534ea0804db5d29d6cff5690a915ef39748
Size: 690KB
Sample: 230328-d9jjsagg85
MD5: 1e7ceb0b1064b1fdc5dd4b8be3e95e4a
SHA1: 3ab6284f675ae11659e4be914d639a6a915ce670
SHA256: c0d202bfcdcd8721f6ca79d5ca13d534ea0804db5d29d6cff5690a915ef39748
SHA512: 4a59c1152950d0337e6072cd23ff62023eac87a4f0d7f9bb8298ab962184c305b5282c51ce7c0ce2079188cd10d9a7316abf177b4459d35e500d851d58cb931b
SSDEEP: 12288:qMr0y90OCq2LqjFNQGH7CpLARW3GbZ9+LD4v/vNFg1figTMG/BgOlms:6yK2jFNKpsMG6D4v/fg1agTMOlms
Static task: static1
Behavioral task: behavioral1
Sample: c0d202bfcdcd8721f6ca79d5ca13d534ea0804db5d29d6cff5690a915ef39748.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
from 176.113.115.145:4125
auth_value: 8633e283485822a4a48f0a41d5397566
Targets
Target: c0d202bfcdcd8721f6ca79d5ca13d534ea0804db5d29d6cff5690a915ef39748
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.