General
-
Target
14d84b7e568bf84dbe59d3b0b19ee6ccb00abafd2bb8ae232cc16757a3cbf3cc
-
Size
684KB
-
Sample
230328-hvcj5she45
-
MD5
a20f45102500172c01a958456a208210
-
SHA1
4aeeb8ac7d3f102a9645711b83b01d407fa042a4
-
SHA256
14d84b7e568bf84dbe59d3b0b19ee6ccb00abafd2bb8ae232cc16757a3cbf3cc
-
SHA512
90f1a867db10be654720bf893a2685c4dc2ed18b5a0b65ac41e06e635cdf7b79b08d7726383a48308e831d42bc89cad3d52cd1e900a68ae538feac9b5a118b0f
-
SSDEEP
12288:VMrcy90H4dvlin/VqiyqbHddqf6StaTHLiDmyhWRaC54lWyytsbp:5yxd9i9q3qb9dJrsqaCK8Ap
Static task
static1
Behavioral task
behavioral1
Sample
14d84b7e568bf84dbe59d3b0b19ee6ccb00abafd2bb8ae232cc16757a3cbf3cc.exe
Resource
win10-20230220-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
from
176.113.115.145:4125
-
auth_value
8633e283485822a4a48f0a41d5397566
Targets
-
-
Target
14d84b7e568bf84dbe59d3b0b19ee6ccb00abafd2bb8ae232cc16757a3cbf3cc
-
Size
684KB
-
MD5
a20f45102500172c01a958456a208210
-
SHA1
4aeeb8ac7d3f102a9645711b83b01d407fa042a4
-
SHA256
14d84b7e568bf84dbe59d3b0b19ee6ccb00abafd2bb8ae232cc16757a3cbf3cc
-
SHA512
90f1a867db10be654720bf893a2685c4dc2ed18b5a0b65ac41e06e635cdf7b79b08d7726383a48308e831d42bc89cad3d52cd1e900a68ae538feac9b5a118b0f
-
SSDEEP
12288:VMrcy90H4dvlin/VqiyqbHddqf6StaTHLiDmyhWRaC54lWyytsbp:5yxd9i9q3qb9dJrsqaCK8Ap
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-