General
Target: 69aa5a77c1bd855eea3803d8e89ce754432fd667a39940e8b1d122c6f97a96d3
Size: 690KB
Sample: 230328-fg6jysag8w
MD5: e3a20848e167c677f90121527a27cb4c
SHA1: c72d0512dfb2c0e88607f0b5f644f7d4c4b62a0e
SHA256: 69aa5a77c1bd855eea3803d8e89ce754432fd667a39940e8b1d122c6f97a96d3
SHA512: ade95602919bc863e7a9d1b9f4dd1fccb37470b3a0b9bf33fe516e689f0c2c5acbf5ebe39236e971c13e9c6d6ce4509a1e9100b0d0e7b505eecfa65b10713b9e
SSDEEP: 12288:oMrOy9085aY1fsFkfFy065hLuwkqK33uSHhWoPGLkpezlOv1FVSfig06CKRF3kdL:mymYGF/7fawzKnuulUkpcOnVSagzTcZv
Static task: static1
Behavioral task: behavioral1
Sample: 69aa5a77c1bd855eea3803d8e89ce754432fd667a39940e8b1d122c6f97a96d3.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted: redline
from
176.113.115.145:4125
auth_value: 8633e283485822a4a48f0a41d5397566
Targets
Target: 69aa5a77c1bd855eea3803d8e89ce754432fd667a39940e8b1d122c6f97a96d3
Size: 690KB
MD5: e3a20848e167c677f90121527a27cb4c
SHA1: c72d0512dfb2c0e88607f0b5f644f7d4c4b62a0e
SHA256: 69aa5a77c1bd855eea3803d8e89ce754432fd667a39940e8b1d122c6f97a96d3
SHA512: ade95602919bc863e7a9d1b9f4dd1fccb37470b3a0b9bf33fe516e689f0c2c5acbf5ebe39236e971c13e9c6d6ce4509a1e9100b0d0e7b505eecfa65b10713b9e
SSDEEP: 12288:oMrOy9085aY1fsFkfFy065hLuwkqK33uSHhWoPGLkpezlOv1FVSfig06CKRF3kdL:mymYGF/7fawzKnuulUkpcOnVSagzTcZv

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.