General
-
Target
4cb83da0aa1adc4922979ccb7bf8f9f573ca542e047dabd2d8bebdbc48f9f669
-
Size
685KB
-
Sample
230328-j9fqsahg88
-
MD5
6b78671b4f7bd6551049e83a1b7fd8f9
-
SHA1
cbd9bacb95b6d9f38945d8e431fadf4919472cf3
-
SHA256
4cb83da0aa1adc4922979ccb7bf8f9f573ca542e047dabd2d8bebdbc48f9f669
-
SHA512
069b93ba38da4400eb607913b5c7acfd51213d5bcaaa77c44616100006bb47ebbc69805b080540938975dbb43e54da1554641b8b5668729abb4af4ae5aba4147
-
SSDEEP
12288:+MrOy90asFkYxmbqcYFBOCcj6yjCfER55Y3MSJVUU4m/L3DwEQ:kyPIkcpcYPPIjCs5W7JVqm/Lcv
Static task
static1
Behavioral task
behavioral1
Sample
4cb83da0aa1adc4922979ccb7bf8f9f573ca542e047dabd2d8bebdbc48f9f669.exe
Resource
win10-20230220-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
from
176.113.115.145:4125
-
auth_value
8633e283485822a4a48f0a41d5397566
Targets
-
-
Target
4cb83da0aa1adc4922979ccb7bf8f9f573ca542e047dabd2d8bebdbc48f9f669
-
Size
685KB
-
MD5
6b78671b4f7bd6551049e83a1b7fd8f9
-
SHA1
cbd9bacb95b6d9f38945d8e431fadf4919472cf3
-
SHA256
4cb83da0aa1adc4922979ccb7bf8f9f573ca542e047dabd2d8bebdbc48f9f669
-
SHA512
069b93ba38da4400eb607913b5c7acfd51213d5bcaaa77c44616100006bb47ebbc69805b080540938975dbb43e54da1554641b8b5668729abb4af4ae5aba4147
-
SSDEEP
12288:+MrOy90asFkYxmbqcYFBOCcj6yjCfER55Y3MSJVUU4m/L3DwEQ:kyPIkcpcYPPIjCs5W7JVqm/Lcv
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-