General
- Target: 31132e73affcfbc84a0639632638bfa0eb4d01caf9e2dd5fafb8c2c4a2572a07
- Size: 690KB
- Sample: 230328-dw56maae9v
- MD5: 0e847c83af55d7ac41d2688d0bc6e7c9
- SHA1: 6ce488102e686f9591a1458a5f1dd2d7fb9aae7e
- SHA256: 31132e73affcfbc84a0639632638bfa0eb4d01caf9e2dd5fafb8c2c4a2572a07
- SHA512: 2216691ede43d347eecd8e148066d83190bd1c01851d2313f0f6605a6e0f8dcfe9188fd5b659ec5a1791ad0d63bce5fb325171531eaa172af5a8b1547a6910f1
- SSDEEP: 12288:XMruy90yHLhArK3VbMmbVNuy565hLuF5W6MEp/EAGuvKFm2figzvn6b9r:1ypHlnbVBEfaF5W6/bWm2agwr
Static task: static1
Behavioral task: behavioral1
- Sample: 31132e73affcfbc84a0639632638bfa0eb4d01caf9e2dd5fafb8c2c4a2572a07.exe
- Resource: win10-20230220-en
Malware Config
Extracted
- redline
- rosn
- 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
- redline
- from 176.113.115.145:4125
- auth_value: 8633e283485822a4a48f0a41d5397566
Targets
- Target: 31132e73affcfbc84a0639632638bfa0eb4d01caf9e2dd5fafb8c2c4a2572a07
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.