General
Target: db14e4762f76deb03acdf0c9964d6d5f3bc014cdac45744c601a553af7407854
Size: 690KB
Sample: 230328-em11zsaf8t
MD5: debb5c08af9a7d0debcac4a7c9e9f9ae
SHA1: 1ac93686603cb2955c849903b7523bffb62099dd
SHA256: db14e4762f76deb03acdf0c9964d6d5f3bc014cdac45744c601a553af7407854
SHA512: 7ff9ff6ba984809d0f9cab98a64555aeb485cd6156aba7e9433bbfbc470b22b1cb1718ed456a1b24c20a3a0965c905202423fc10e546f17ce5fd86fa42fa0a55
SSDEEP: 12288:oMray90WylFne3zMW7X6VeyP65hLuj+hJjNvl5cXmevQF4Efig0zk2AFcj:yySeQE6dCfajGR95cWeI4EagkkI
Static task: static1
Behavioral task: behavioral1
Sample: db14e4762f76deb03acdf0c9964d6d5f3bc014cdac45744c601a553af7407854.exe
Resource: win10-20230220-en
Malware Config
Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
Family: redline
Botnet: from
C2: 176.113.115.145:4125
auth_value: 8633e283485822a4a48f0a41d5397566
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.