General
-
Target
f95d7d66c0e724ad6454441d41039d7c97abf21e18275cc6e4f06338b43a50d4
-
Size
690KB
-
Sample
230328-dx2jtsgg46
-
MD5
99863671d32b6ff3ac043dc03730b0d9
-
SHA1
836de08bda54b36840828a44a05452d37fe5f23d
-
SHA256
f95d7d66c0e724ad6454441d41039d7c97abf21e18275cc6e4f06338b43a50d4
-
SHA512
09a16481334dfbb20a81b363c67cfc2b1b6fb505e8495026ed3b657372663f3fb3f4b00b3cfd3c7724e34a43070524f9271dfd5c09f1df38c8ada4a8df2a37bb
-
SSDEEP
12288:MMray90YugCRuPt1Gxg/fHrdrCya65hLulo1GMSKI3Vh6rVvIFNsfigdwMzh2jo6:Oyt0u1wKrxPpfalcGLZ3Vh6RQNsagxhC
Static task
static1
Behavioral task
behavioral1
Sample
f95d7d66c0e724ad6454441d41039d7c97abf21e18275cc6e4f06338b43a50d4.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
from
176.113.115.145:4125
-
auth_value
8633e283485822a4a48f0a41d5397566
Targets
-
-
Target
f95d7d66c0e724ad6454441d41039d7c97abf21e18275cc6e4f06338b43a50d4
-
Size
690KB
-
MD5
99863671d32b6ff3ac043dc03730b0d9
-
SHA1
836de08bda54b36840828a44a05452d37fe5f23d
-
SHA256
f95d7d66c0e724ad6454441d41039d7c97abf21e18275cc6e4f06338b43a50d4
-
SHA512
09a16481334dfbb20a81b363c67cfc2b1b6fb505e8495026ed3b657372663f3fb3f4b00b3cfd3c7724e34a43070524f9271dfd5c09f1df38c8ada4a8df2a37bb
-
SSDEEP
12288:MMray90YugCRuPt1Gxg/fHrdrCya65hLulo1GMSKI3Vh6rVvIFNsfigdwMzh2jo6:Oyt0u1wKrxPpfalcGLZ3Vh6RQNsagxhC
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-