General
-
Target
21ed60322c10bd03dd4f5c8d81cc599b13ef789e32b3b502b1f73dc05edb010f
-
Size
689KB
-
Sample
230328-dfe99sgf74
-
MD5
f5b8df8ec4ddd3f26fafa2c790ee9e24
-
SHA1
59a35688b2210b808ecca78c67e04eb24fd6fd08
-
SHA256
21ed60322c10bd03dd4f5c8d81cc599b13ef789e32b3b502b1f73dc05edb010f
-
SHA512
ef17e3e831f1bb8c1036ae046ea1a5787188171be24fc090a2877a6a60c36e7f5ca16169a28b62ef2f17a0175918a6c562506839f78dc6cf244527981e01a51f
-
SSDEEP
12288:oMrIy90t9HzUGx2Wt7syw65hLuWGMSKI3V2AvAjavmFRXfigtV0gs1EA4dB:Qy8TUMN7tPfaWGLZ3V2AgaiRXag+wB
Static task
static1
Behavioral task
behavioral1
Sample
21ed60322c10bd03dd4f5c8d81cc599b13ef789e32b3b502b1f73dc05edb010f.exe
Resource
win10-20230220-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
from
176.113.115.145:4125
-
auth_value
8633e283485822a4a48f0a41d5397566
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.