General
- Target: cd2bc10f5d089ede0e3f5c95543439a19115a2ff928062dee10eb2b671651d5d
- Size: 689KB
- Sample: 230328-dtmw9sgg34
- MD5: 7ebaf5a7419dadd3c01a236b401a50ac
- SHA1: 0d0e21bc1535370c7ed21c80aa0176c6e8b1dfd8
- SHA256: cd2bc10f5d089ede0e3f5c95543439a19115a2ff928062dee10eb2b671651d5d
- SHA512: cddc7b23b98024814f2a203e0e5cb5a1e2f5a4f5654b93e9dac7137f04dadecbb4e9457f05be52cfd681e4701c32b7518dd6ed77143bf923880a9e0175995dfd
- SSDEEP: 12288:XMray90O1uPy00XHz2X+gp+yV65hLuZw8oaF/6b6mJ5vFFqPfigBeV0qRVpUx1Z/:5yn2gyXF7IfaL4b6mJ5HqPagUjXS1V

Static task: static1

Behavioral task: behavioral1
- Sample: cd2bc10f5d089ede0e3f5c95543439a19115a2ff928062dee10eb2b671651d5d.exe
- Resource: win10v2004-20230220-en

Malware Config
Extracted: redline / rosn / 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline / from / 176.113.115.145:4125
- auth_value: 8633e283485822a4a48f0a41d5397566
Targets
- Target: cd2bc10f5d089ede0e3f5c95543439a19115a2ff928062dee10eb2b671651d5d (689KB; same file and hashes as listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.