General
Target: 241920c707e1181e82cf8526a8e8c3b02ec2cf141b31ff446b69c99bb5d3e109
Size: 689KB
Sample: 230328-e1c63sag3t
MD5: 19432416a2299fc0101f668d147e85c5
SHA1: 721baf06cb5a863332f405ef3e9d9ca7e1bfb985
SHA256: 241920c707e1181e82cf8526a8e8c3b02ec2cf141b31ff446b69c99bb5d3e109
SHA512: babc177b27f3575e354494a8722967360bdd4175f8eeff287538db751b0881502cf64e799174fdd05cecb152ef9a6fc8b198b45546d517d990589b1a168881b3
SSDEEP: 12288:hMrdy90yKe4ydxr8yi7kC45Hyp65hLunsMSKI3V0ZCawv1FpafigpV0g21GAm7x:sy/bBtUkC8SUfansLZ3V0Bw3paagQEx
Static task: static1
Behavioral task: behavioral1
Sample: 241920c707e1181e82cf8526a8e8c3b02ec2cf141b31ff446b69c99bb5d3e109.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
Family: redline
Botnet: from
C2: 176.113.115.145:4125
auth_value: 8633e283485822a4a48f0a41d5397566
Targets
Target: 241920c707e1181e82cf8526a8e8c3b02ec2cf141b31ff446b69c99bb5d3e109
Size: 689KB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values in the General section above.
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
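The behaviours the report lists for this sample (a Run key written for persistence, Uninstall key entries enumerated for software discovery) and the C2 endpoint from the extracted RedLine config can be turned into host-side detection logic. The block below is an added example, not part of the sandbox report and not RedLine tooling. It assumes telemetry has been normalised into the simple record shape shown (registry_set, registry_read, network_connect with the field names used here); the process paths, the Run value name "updater", the product names and every sample record are constructed for illustration, since the report does not give them.

```python
"""Detection logic for the behaviours this report lists for the sample.

Added example, not part of the sandbox report. Host telemetry is assumed to
be normalised into three record kinds (registry_set, registry_read,
network_connect); those field names and the sample records below are
constructed for this example, not captured from the sandbox run.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Network indicator from the report's extracted RedLine config.
C2_ENDPOINTS = {("176.113.115.145", 4125)}

# A value written directly under a Run / RunOnce key in HKCU or HKLM
# (hive prefix optional, case-insensitive, as Sysmon-style paths are written).
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$",
    re.IGNORECASE,
)
# Per-product subkey under the Uninstall key, 32- or 64-bit view; group 2 is the subkey.
UNINSTALL_KEY_RE = re.compile(
    r"\\Software\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\([^\\]+)",
    re.IGNORECASE,
)
# One process touching this many distinct Uninstall subkeys looks like
# enumeration; an installer checking its own entry touches one.
UNINSTALL_ENUM_THRESHOLD = 3


@dataclass(frozen=True)
class Finding:
    rule: str    # detection rule name
    image: str   # process image that produced the telemetry
    detail: str


def detect(records: list[dict]) -> list[Finding]:
    """Run the three rules over normalised records; findings come back in record order,
    with the per-process software-discovery verdict appended last."""
    findings: list[Finding] = []
    uninstall_hits: dict[str, set[str]] = defaultdict(set)

    for r in records:
        kind, image = r["kind"], r["image"]
        if kind == "registry_set" and RUN_KEY_RE.search(r["key"]):
            # T1547.001: Run key persistence
            findings.append(Finding("run_key_persistence", image, f'{r["key"]} = {r["value"]}'))
        elif kind == "registry_read":
            m = UNINSTALL_KEY_RE.search(r["key"])
            if m:
                uninstall_hits[image].add(m.group(2))
        elif kind == "network_connect":
            # Exact ip:port from the extracted config; the port alone means nothing.
            if (r["dst_ip"], r["dst_port"]) in C2_ENDPOINTS:
                findings.append(Finding("c2_endpoint", image, f'{r["dst_ip"]}:{r["dst_port"]}'))

    # T1518: software discovery via Uninstall key enumeration, decided per process.
    for image, subkeys in uninstall_hits.items():
        if len(subkeys) >= UNINSTALL_ENUM_THRESHOLD:
            findings.append(Finding("software_discovery", image,
                                    f"{len(subkeys)} distinct Uninstall entries read"))
    return findings


SAMPLE_EXE = r"C:\Users\user\AppData\Local\Temp\sample.exe"  # constructed path
UNINSTALL = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall"

SAMPLE_RECORDS = [  # constructed telemetry, not the sandbox's own log
    {"kind": "registry_set", "image": SAMPLE_EXE,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater", "value": SAMPLE_EXE},
    *({"kind": "registry_read", "image": SAMPLE_EXE, "key": rf"{UNINSTALL}\{name}\DisplayName"}
      for name in ("7-Zip", "Google Chrome", "{23170F69-40C1-2702-1900-000001000000}", "Notepad++")),
    # An installer touching only its own entry stays below the threshold.
    {"kind": "registry_read", "image": r"C:\Windows\System32\msiexec.exe",
     "key": rf"{UNINSTALL}\{{90160000-0011-0000-0000-0000000FF1CE}}\DisplayVersion"},
    {"kind": "network_connect", "image": SAMPLE_EXE, "dst_ip": "176.113.115.145", "dst_port": 4125},
    # Same port, different host: not the indicator.
    {"kind": "network_connect", "image": r"C:\Windows\System32\svchost.exe",
     "dst_ip": "10.0.0.5", "dst_port": 4125},
]

if __name__ == "__main__":
    for f in detect(SAMPLE_RECORDS):
        print(f"{f.rule:22} {f.image}  {f.detail}")
```

Run stand-alone, it reports the Run key write, the connection to 176.113.115.145:4125 and the Uninstall enumeration, all attributed to the constructed sample.exe, and stays quiet on the msiexec read and the svchost connection. The threshold is a tunable, and the C2 match is deliberately exact on ip:port: it is only as current as the config extraction, and a bare port 4125 is not an indicator.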