General
Target: 9b7875b312780d517a24802b99acdadd21e3eada0f79475d34ef84407755c56d
Size: 689KB
Sample: 230328-eq933aaf9v
MD5: 2419dd0f186338a198ee143ab8dd8363
SHA1: 5fbbdc3e0218c31c073d293433938ea84f90edc0
SHA256: 9b7875b312780d517a24802b99acdadd21e3eada0f79475d34ef84407755c56d
SHA512: 9c926c4d103ae5172d73089781b80f5224d5da33dda5016aa71812ecfa13379d866294debcafc7bf26395ca8fcf537da63685378f913bcc6d86a550f0c55993c
SSDEEP: 12288:rMr2y908rp0BhO1rjsVyc65hLu4fmeLf5zm2DwvTFKUfigTY5zl2bXx/yi:FyqhotDfa4ffxztDwpKUagmlYXxqi
Static task: static1
Behavioral task: behavioral1
  Sample: 9b7875b312780d517a24802b99acdadd21e3eada0f79475d34ef84407755c56d.exe
  Resource: win10v2004-20230221-en
Malware Config
Extracted (1)
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted (2)
Family: redline
Botnet: from
C2: 176.113.115.145:4125
auth_value: 8633e283485822a4a48f0a41d5397566
Both extracted configurations point at the same C2 host and port; they differ only in botnet name and auth_value.
Targets
Target: 9b7875b312780d517a24802b99acdadd21e3eada0f79475d34ef84407755c56d (size and hashes as listed under General above)
RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
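The C2 socket from the extracted configuration, the sample hashes and the Run key persistence signature are the parts of this report that translate directly into host and network detections. The following is an added example, not part of the sandbox report or of any vendor tooling, that applies those indicators to a few constructed Sysmon-style JSON events. The field names (event_id, image, hashes, dest_ip, dest_port, target_object) and the log lines themselves are assumptions modelled on Sysmon event IDs 1, 3 and 13, not a real export.

```python
import json
from typing import Optional

# Indicators taken from the report above.
SAMPLE_SHA256 = "9b7875b312780d517a24802b99acdadd21e3eada0f79475d34ef84407755c56d"
SAMPLE_MD5 = "2419dd0f186338a198ee143ab8dd8363"
C2_IP, C2_PORT = "176.113.115.145", 4125

# Registry paths whose writes correspond to the "Adds Run key" behaviour.
RUN_KEY_FRAGMENTS = (
    "\\microsoft\\windows\\currentversion\\run\\",
    "\\microsoft\\windows\\currentversion\\runonce\\",
)


def parse_hashes(field: str) -> dict:
    """Split a Sysmon-style 'MD5=..,SHA256=..' string into {algo: lowercase hash}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().upper()] = value.strip().lower()
    return out


def classify(event: dict) -> Optional[str]:
    """Return a finding label for one event, or None if nothing matches."""
    eid = event.get("event_id")
    if eid == 1:  # process creation: match on the report's file hashes
        hashes = parse_hashes(event.get("hashes", ""))
        if hashes.get("SHA256") == SAMPLE_SHA256 or hashes.get("MD5") == SAMPLE_MD5:
            return "known RedLine sample executed"
    elif eid == 3:  # network connection: match on the extracted C2 host:port
        if event.get("dest_ip") == C2_IP and int(event.get("dest_port", 0)) == C2_PORT:
            return "connection to RedLine C2"
    elif eid == 13:  # registry value set: any write under a Run/RunOnce key
        target = event.get("target_object", "").lower()
        if any(fragment in target for fragment in RUN_KEY_FRAGMENTS):
            return "Run key persistence written"
    return None


def hunt(lines) -> list:
    """Run classify() over JSON lines; return (line_no, label, image) per hit."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than abort the hunt
        label = classify(event)
        if label:
            findings.append((line_no, label, event.get("image")))
    return findings


# Constructed events (an assumption; not a real Sysmon export). Line 1 runs the
# sample from %TEMP%, line 2 is benign DNS, line 3 is the C2 socket, line 4 is
# the Run key write, line 5 is an unrelated registry write that must not fire.
SAMPLE_LOG = r"""
{"event_id": 1, "image": "C:\\Users\\u\\AppData\\Local\\Temp\\9b7875b3.exe", "hashes": "MD5=2419DD0F186338A198EE143AB8DD8363,SHA256=9B7875B312780D517A24802B99ACDADD21E3EADA0F79475D34EF84407755C56D"}
{"event_id": 3, "image": "C:\\Windows\\System32\\svchost.exe", "dest_ip": "8.8.8.8", "dest_port": 53}
{"event_id": 3, "image": "C:\\Users\\u\\AppData\\Local\\Temp\\9b7875b3.exe", "dest_ip": "176.113.115.145", "dest_port": 4125}
{"event_id": 13, "image": "C:\\Users\\u\\AppData\\Local\\Temp\\9b7875b3.exe", "target_object": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater"}
{"event_id": 13, "image": "C:\\Windows\\explorer.exe", "target_object": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden"}
""".strip()


if __name__ == "__main__":
    for line_no, label, image in hunt(SAMPLE_LOG.splitlines()):
        print(f"line {line_no}: {label} ({image})")
```

Because both extracted configurations share the same C2 host and port, the network match covers either build of the stealer; the auth_value is not visible in connection metadata and only becomes useful for linking samples across reports or for inspecting captured traffic. The Run key check is deliberately broad and will also fire on legitimate installers, so in practice it is the combination with the hash or C2 hit on the same image that raises confidence.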