General
Target: 6da29a21821e833ce72b2dd627338d8538249466a494a0fe5a2ff21fb398b7d8
Size: 685KB
Sample: 230328-je4jcsbd8y
MD5: 404a7f193917ea05525f870239a7a074
SHA1: b68c6c74ffc546b879b3445e8e6d4a8d044bfec7
SHA256: 6da29a21821e833ce72b2dd627338d8538249466a494a0fe5a2ff21fb398b7d8
SHA512: fd18f6ca8c468ad357b73842dcc3dbda21cb3988203218f0f1c406ea6fd383ca1593746ab83c493cc1d71ea7c060859f247f813d409bcf029073f133b97dbf4f
SSDEEP: 12288:SMrCy9099z4M0tuMg6yjC7WR5UZZ07EyDU1kmFL3V+6ca:syY9kP+jCy5Uc7jnmFLFV
Static task: static1
Behavioral task: behavioral1
Sample: 6da29a21821e833ce72b2dd627338d8538249466a494a0fe5a2ff21fb398b7d8.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline from 176.113.115.145:4125
auth_value: 8633e283485822a4a48f0a41d5397566
Targets
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.