General
- Target: d92f18c454696df3f792c77db9f22f23f05e46e63999016d5642654e154430b6
- Size: 689KB
- Sample: 230328-ej6gasgh32
- MD5: 1a4850e6c05bad88218cedf0f3cb1409
- SHA1: d7e71dbb1891ce26b29278bb1ad26fa40ebdb43e
- SHA256: d92f18c454696df3f792c77db9f22f23f05e46e63999016d5642654e154430b6
- SHA512: e16767d4c4029529affee34793fbed4094c6712a378e6b4bdde1afda2b42a4642a83ffa45be58dbd3c60aad5eae4aecfa810f368cfae3bd6b5a748d3a2b7c401
- SSDEEP: 12288:LMray900bYq6G2zr1jHaBApyB65hLufDM3+D22bgzV5hvBFmWfighOUVIbgrg+:ByJb76G6NDgMfaG+D2Lx7jmWagXV2c
Static task: static1
Behavioral task: behavioral1
- Sample: d92f18c454696df3f792c77db9f22f23f05e46e63999016d5642654e154430b6.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted
- redline
- rosn
- 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
- redline
- from
- 176.113.115.145:4125
- auth_value: 8633e283485822a4a48f0a41d5397566
Targets
- Target: d92f18c454696df3f792c77db9f22f23f05e46e63999016d5642654e154430b6
- Size: 689KB
- MD5: 1a4850e6c05bad88218cedf0f3cb1409
- SHA1: d7e71dbb1891ce26b29278bb1ad26fa40ebdb43e
- SHA256: d92f18c454696df3f792c77db9f22f23f05e46e63999016d5642654e154430b6
- SHA512: e16767d4c4029529affee34793fbed4094c6712a378e6b4bdde1afda2b42a4642a83ffa45be58dbd3c60aad5eae4aecfa810f368cfae3bd6b5a748d3a2b7c401
- SSDEEP: 12288:LMray900bYq6G2zr1jHaBApyB65hLufDM3+D22bgzV5hvBFmWfighOUVIbgrg+:ByJb76G6NDgMfaG+D2Lx7jmWagXV2c
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.