General
-
Target
aafbf6524e4a1477534396927d4080175380ec3dc11160e21dbf2819b72127ff
-
Size
688KB
-
Sample
230328-dsnr6sae8s
-
MD5
0d426b707bcc29bc8880fdaf12aa5f63
-
SHA1
95e0570bd36533d2bcdf4e8f45570306f5e274a4
-
SHA256
aafbf6524e4a1477534396927d4080175380ec3dc11160e21dbf2819b72127ff
-
SHA512
8abd4331dac4b16b16527f87829bed2b9b37060fa95a16ee048ac189beb51c6354113d7fe410d6996d50946ce1a7874557a553d706a03b794db71e78b435a882
-
SSDEEP
12288:1MrRy90CDVjvZUCAXyt65hLuRHyiwNobwOmJMvQFbOfig7y8vSI7R:0yzOigfadwOmJMYbOag7pvSs
Static task
static1
Behavioral task
behavioral1
Sample
aafbf6524e4a1477534396927d4080175380ec3dc11160e21dbf2819b72127ff.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
from
176.113.115.145:4125
-
auth_value
8633e283485822a4a48f0a41d5397566
Targets
-
-
Target
aafbf6524e4a1477534396927d4080175380ec3dc11160e21dbf2819b72127ff
-
Size
688KB
-
MD5
0d426b707bcc29bc8880fdaf12aa5f63
-
SHA1
95e0570bd36533d2bcdf4e8f45570306f5e274a4
-
SHA256
aafbf6524e4a1477534396927d4080175380ec3dc11160e21dbf2819b72127ff
-
SHA512
8abd4331dac4b16b16527f87829bed2b9b37060fa95a16ee048ac189beb51c6354113d7fe410d6996d50946ce1a7874557a553d706a03b794db71e78b435a882
-
SSDEEP
12288:1MrRy90CDVjvZUCAXyt65hLuRHyiwNobwOmJMvQFbOfig7y8vSI7R:0yzOigfadwOmJMYbOag7pvSs
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-