General
-
Target
9d141e3a2812861f6d0f3ab8746af1078464ecf0b0859b406f6c3a74ce93051a
-
Size
683KB
-
Sample
230328-gzjzcahc74
-
MD5
179496f6bf718c1fd78dca23686929d5
-
SHA1
3c22ba99b6230f290f454fc53e11460be88d2b98
-
SHA256
9d141e3a2812861f6d0f3ab8746af1078464ecf0b0859b406f6c3a74ce93051a
-
SHA512
0ddf8883140bc0c40af0e5c8823662b6a6f641db3607ea09bcdefce3da09a02adcce5b7f1db0e13219f759bebf33252ae623f30d81993d5e913830321880b398
-
SSDEEP
12288:zMrty90fpXGvpMAhS6UfGDju1rfK2EY0gNaKLxRRg3PrR4bW6OTnOyXs:qyGepMAhnUfYjUDuKLxRATCCNs
Static task
static1
Behavioral task
behavioral1
Sample
9d141e3a2812861f6d0f3ab8746af1078464ecf0b0859b406f6c3a74ce93051a.exe
Resource
win10-20230220-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
from
176.113.115.145:4125
-
auth_value
8633e283485822a4a48f0a41d5397566
Targets
-
-
Target
9d141e3a2812861f6d0f3ab8746af1078464ecf0b0859b406f6c3a74ce93051a
-
Size
683KB
-
MD5
179496f6bf718c1fd78dca23686929d5
-
SHA1
3c22ba99b6230f290f454fc53e11460be88d2b98
-
SHA256
9d141e3a2812861f6d0f3ab8746af1078464ecf0b0859b406f6c3a74ce93051a
-
SHA512
0ddf8883140bc0c40af0e5c8823662b6a6f641db3607ea09bcdefce3da09a02adcce5b7f1db0e13219f759bebf33252ae623f30d81993d5e913830321880b398
-
SSDEEP
12288:zMrty90fpXGvpMAhS6UfGDju1rfK2EY0gNaKLxRRg3PrR4bW6OTnOyXs:qyGepMAhnUfYjUDuKLxRATCCNs
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-