General
-
Target
893fc9c0be532e821b34b5894c68937293ea927da28be1267837c695e1332a0f
-
Size
687KB
-
Sample
230328-h5ahjabd2z
-
MD5
4b32bc6709823587a1e442364422eb14
-
SHA1
3c3b0cd70f179ec809db6bb70b0a88daefe691a6
-
SHA256
893fc9c0be532e821b34b5894c68937293ea927da28be1267837c695e1332a0f
-
SHA512
76e7770589d30f29c65b6d1fb60e489cb66bb574303ca38ef962d8188a9bb45b391a592876b6251ccf6c81bb7ddffaf7dd641415178b0df7505e9c497f28ac42
-
SSDEEP
12288:FMrcy90I65n0Kqzwjx46yjCp+R5gvPl839veU03uXmkipB5R:FyxKwwjyjCI5Et8NmpuXy5R
Static task
static1
Behavioral task
behavioral1
Sample
893fc9c0be532e821b34b5894c68937293ea927da28be1267837c695e1332a0f.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
from
176.113.115.145:4125
-
auth_value
8633e283485822a4a48f0a41d5397566
Targets
-
-
Target
893fc9c0be532e821b34b5894c68937293ea927da28be1267837c695e1332a0f
-
Size
687KB
-
MD5
4b32bc6709823587a1e442364422eb14
-
SHA1
3c3b0cd70f179ec809db6bb70b0a88daefe691a6
-
SHA256
893fc9c0be532e821b34b5894c68937293ea927da28be1267837c695e1332a0f
-
SHA512
76e7770589d30f29c65b6d1fb60e489cb66bb574303ca38ef962d8188a9bb45b391a592876b6251ccf6c81bb7ddffaf7dd641415178b0df7505e9c497f28ac42
-
SSDEEP
12288:FMrcy90I65n0Kqzwjx46yjCp+R5gvPl839veU03uXmkipB5R:FyxKwwjyjCI5Et8NmpuXy5R
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-