General
Target: 32c8a3c760c8b5de3d5ac64df392d49180afeffbca14661c0f0c24e4149c13af
Size: 689KB
Sample: 230328-epqm2agh42
MD5: 62108c95a4456bdbed240481a7d8556f
SHA1: b9cd7bfb17b6986b314acb054cc72049105e6952
SHA256: 32c8a3c760c8b5de3d5ac64df392d49180afeffbca14661c0f0c24e4149c13af
SHA512: fd25d60b8f2520f02d8dc9299cea8cc0cab2828bc1510f11d5bb0f467ac45cf09ace0c9bb4efde5ca7d1e809178af86df9dc6ad2eb2e5d805ed88b0a64f48cb2
SSDEEP: 12288:QMrdy90h501D2VG8Ulzyb65hLutw8oaSzIiSGmJLvqFxwfig7KPEVa9mcqLD:dyBUVKuGfavsTmJLWxwagMEs9mcCD
Static task: static1
Behavioral task: behavioral1
Sample: 32c8a3c760c8b5de3d5ac64df392d49180afeffbca14661c0f0c24e4149c13af.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
Family: redline
Botnet: from
C2: 176.113.115.145:4125
auth_value: 8633e283485822a4a48f0a41d5397566
Targets
Target: 32c8a3c760c8b5de3d5ac64df392d49180afeffbca14661c0f0c24e4149c13af (689KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
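The signatures above (dropped-EXE execution, Run-key persistence, Uninstall-key enumeration, wallet access) and the extracted C2 endpoint can be turned into an offline hunt over endpoint telemetry. The script below is an added example, not the sandbox's own code: it replays a constructed, simplified stream of process/registry/file/network event records (the schema, the wallet directory list and the sample PIDs are assumptions, not from the report), ties each event back to the process chain rooted in the sample by SHA256, and reports which of the report's behaviours that chain exhibited while ignoring the same registry writes made by unrelated processes.

```python
"""Hunt for the behaviours and IoCs listed in the RedLine report above over
constructed EDR/sandbox-style event records. Added example; the event schema,
wallet paths and PIDs are assumptions, only the IoC values come from the report."""
import re
from collections import defaultdict

# IoCs copied from the report.
SAMPLE_SHA256 = "32c8a3c760c8b5de3d5ac64df392d49180afeffbca14661c0f0c24e4149c13af"
C2_ENDPOINTS = {("176.113.115.145", 4125)}

# Registry/file patterns matching the signatures in the report.
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
UNINSTALL_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I)
DROPPED_DIR = re.compile(r"\\(Temp|AppData)\\", re.I)
# Wallet directories commonly targeted by stealers (assumed list, not taken from the report).
WALLET_PATH = re.compile(r"\\(Exodus|Electrum|Ethereum\\keystore|atomic)\\", re.I)


def lineage(events):
    """Map every created pid to the root pid of its process chain."""
    parent = {ev["pid"]: ev.get("ppid") for ev in events if ev["type"] == "process_create"}

    def root(pid):
        # Climb while the parent is itself a process we saw being created.
        while parent.get(pid) in parent:
            pid = parent[pid]
        return pid

    return {pid: root(pid) for pid in parent}


def hunt(events):
    """Return {root_pid: sorted behaviour tags} for chains rooted in the sample."""
    roots = lineage(events)
    sample_roots = {ev["pid"] for ev in events
                    if ev["type"] == "process_create"
                    and ev.get("sha256", "").lower() == SAMPLE_SHA256}
    tags = defaultdict(set)
    for ev in events:
        root = roots.get(ev["pid"], ev["pid"])
        if root not in sample_roots:
            continue  # same action by an unrelated process is not attributed
        kind = ev["type"]
        if kind == "process_create" and ev["pid"] != root and DROPPED_DIR.search(ev["image"]):
            tags[root].add("executes_dropped_exe")
        elif kind == "network_connect" and (ev["dst_ip"], ev["dst_port"]) in C2_ENDPOINTS:
            tags[root].add("redline_c2")
        elif kind == "registry_set" and RUN_KEY.search(ev["key"]):
            tags[root].add("run_key_persistence")
        elif kind == "registry_query" and UNINSTALL_KEY.search(ev["key"]):
            tags[root].add("enumerates_installed_software")
        elif kind == "file_read" and WALLET_PATH.search(ev["path"]):
            tags[root].add("wallet_access")
    return {r: sorted(v) for r, v in tags.items()}


# Constructed event stream (not from the sandbox run). PIDs and paths are made up.
EVENTS = [
    {"type": "process_create", "pid": 100, "ppid": 1, "sha256": SAMPLE_SHA256,
     "image": "C:\\Users\\u\\Desktop\\" + SAMPLE_SHA256 + ".exe"},
    {"type": "process_create", "pid": 101, "ppid": 100, "sha256": "0" * 64,
     "image": "C:\\Users\\u\\AppData\\Local\\Temp\\stage2.exe"},
    {"type": "registry_set", "pid": 101,
     "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater"},
    {"type": "registry_query", "pid": 101,
     "key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip"},
    {"type": "file_read", "pid": 101,
     "path": "C:\\Users\\u\\AppData\\Roaming\\Exodus\\exodus.wallet\\seed.seco"},
    {"type": "network_connect", "pid": 101, "dst_ip": "176.113.115.145", "dst_port": 4125},
    # Benign noise: an unrelated process writing a Run value must not be attributed.
    {"type": "process_create", "pid": 200, "ppid": 1, "sha256": "1" * 64,
     "image": "C:\\Windows\\explorer.exe"},
    {"type": "registry_set", "pid": 200,
     "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive"},
]

if __name__ == "__main__":
    for root, found in hunt(EVENTS).items():
        print(f"chain rooted at pid {root}: {', '.join(found)}")
```

Attributing by process chain rather than by single event is what keeps the Run-key rule from firing on explorer.exe here; in real telemetry the parent links come from process-creation events, so the hunt must see the sample's own creation record to anchor the chain.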