General
-
Target
7e9e97a90c649328640d538e38b9827616ae471702abea19dd6277a4be6adda3
-
Size
689KB
-
Sample
230328-fw3rlsha88
-
MD5
aff49938f4de1337d7b57b9bd7dd4901
-
SHA1
4771af15d4cc7e3e5e5e78cfe59df7239de81b5a
-
SHA256
7e9e97a90c649328640d538e38b9827616ae471702abea19dd6277a4be6adda3
-
SHA512
6d8c1d2d5afde219b720cd3d5e03f0ac10cb174a06235f0c8fbb9f3142aef7530ee973c4de69208576885359cfc4495c90fb1ade66aa9e09ef137c7ad3a10dac
-
SSDEEP
12288:UMrpy906fHlyCfsTLyn65hLu6phC987IWRb9aD1UKcamJXvyFqJfigYJ/BV:NyJfHlBf426fa6yIIMb9aDaGmJXuqJan
Static task
static1
Behavioral task
behavioral1
Sample
7e9e97a90c649328640d538e38b9827616ae471702abea19dd6277a4be6adda3.exe
Resource
win10-20230220-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
from
176.113.115.145:4125
-
auth_value
8633e283485822a4a48f0a41d5397566
Targets
-
-
Target
7e9e97a90c649328640d538e38b9827616ae471702abea19dd6277a4be6adda3
-
Size
689KB
-
MD5
aff49938f4de1337d7b57b9bd7dd4901
-
SHA1
4771af15d4cc7e3e5e5e78cfe59df7239de81b5a
-
SHA256
7e9e97a90c649328640d538e38b9827616ae471702abea19dd6277a4be6adda3
-
SHA512
6d8c1d2d5afde219b720cd3d5e03f0ac10cb174a06235f0c8fbb9f3142aef7530ee973c4de69208576885359cfc4495c90fb1ade66aa9e09ef137c7ad3a10dac
-
SSDEEP
12288:UMrpy906fHlyCfsTLyn65hLu6phC987IWRb9aD1UKcamJXvyFqJfigYJ/BV:NyJfHlBf426fa6yIIMb9aDaGmJXuqJan
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-