General
Target: d0c99f8d0b4958259da0d2da15ecf5b03f44f71ad6a7d5a562a747b289ca7ea0
Size: 682KB
Sample: 230328-hrqbtsbc4t
MD5: 4f1d194583415d39a7578a4c22373d29
SHA1: 6a10c8444b8e5488565a89832f2ea87c6b07bba8
SHA256: d0c99f8d0b4958259da0d2da15ecf5b03f44f71ad6a7d5a562a747b289ca7ea0
SHA512: 98cb51383de2185382c25c608be44eb0d578de9d652f93201b13c1611c4540453752b5d80292b283af5526c3fe4f488c1ec6477c3ff666b3a998bc3479bfe3c5
SSDEEP: 12288:DMrly90QtyfZgYFYn3xXiwyZgixd70omCEAVAeePnTS48Wl8HdYu/Kihq9:qyLEyNhS9Zgi/7nLEAVANvTl6+u/Xh4
Static task: static1
Behavioral task: behavioral1
Sample: d0c99f8d0b4958259da0d2da15ecf5b03f44f71ad6a7d5a562a747b289ca7ea0.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline, rosn, 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline, from 176.113.115.145:4125
auth_value: 8633e283485822a4a48f0a41d5397566
Targets
Target: d0c99f8d0b4958259da0d2da15ecf5b03f44f71ad6a7d5a562a747b289ca7ea0
Size: 682KB
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.