General
Target: bc5c076c93035a52889da3b1ecc318ebf6f180d0381d28d963db54fe45e2b82b
Size: 694KB
Sample: 230328-hl165shd93
MD5: 1eef9d97977648a513c854823f50aa39
SHA1: fc1f05e3d437c75a0c2dbfaaa62b0f3e6330c3b0
SHA256: bc5c076c93035a52889da3b1ecc318ebf6f180d0381d28d963db54fe45e2b82b
SHA512: e88915c7adaa8ea41dce0d317f59fe5f0a886b9f7da417e8dbf06db66e56e7953012e6f9d7c57579a0777982fee48d88546649bc36da28ad17cb514944eddafb
SSDEEP: 12288:Zt0qsEAq3kh0snRy24PG5fgCo//RccvbiOpIWaEx7rOJZo+d+pOpB:YTPq0hpnUleChFDdp9aS7rOJ2G+EH
Static task: static1
Behavioral task: behavioral1
Sample: bc5c076c93035a52889da3b1ecc318ebf6f180d0381d28d963db54fe45e2b82b.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline, rosn, 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline from 176.113.115.145:4125
auth_value: 8633e283485822a4a48f0a41d5397566
Targets
Target: bc5c076c93035a52889da3b1ecc318ebf6f180d0381d28d963db54fe45e2b82b
Size: 694KB
MD5: 1eef9d97977648a513c854823f50aa39
SHA1: fc1f05e3d437c75a0c2dbfaaa62b0f3e6330c3b0
SHA256: bc5c076c93035a52889da3b1ecc318ebf6f180d0381d28d963db54fe45e2b82b
SHA512: e88915c7adaa8ea41dce0d317f59fe5f0a886b9f7da417e8dbf06db66e56e7953012e6f9d7c57579a0777982fee48d88546649bc36da28ad17cb514944eddafb
SSDEEP: 12288:Zt0qsEAq3kh0snRy24PG5fgCo//RccvbiOpIWaEx7rOJZo+d+pOpB:YTPq0hpnUleChFDdp9aS7rOJ2G+EH
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.