General
-
Target
d0bff11b7a83d996227eaf27603f12298e8ccc3e5825250928d7345e3ba39a4e
-
Size
683KB
-
Sample
230328-k551jsaa72
-
MD5
0e21780ce7cf319fab34d81a89aaaf3b
-
SHA1
4dbcaf3142479ef0652624f2d26000f20cb01c32
-
SHA256
d0bff11b7a83d996227eaf27603f12298e8ccc3e5825250928d7345e3ba39a4e
-
SHA512
ef2a609c2258f717d516fe461e32184a4b3afe85cb5d8e15529ec73c99c70fea1bb02009f01efc70cd7427522d1a7db0525e4cf159d10395e3dd64631e1cedf2
-
SSDEEP
12288:5Mr+y90njDZKDfCV399Bm6bXxMIvZf/045ECUgdmAL3ddy:ryGjCCJQ6rxN/0CDmALtdy
Static task
static1
Behavioral task
behavioral1
Sample
d0bff11b7a83d996227eaf27603f12298e8ccc3e5825250928d7345e3ba39a4e.exe
Resource
win10v2004-20230221-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
from
176.113.115.145:4125
-
auth_value
8633e283485822a4a48f0a41d5397566
Targets
-
-
Target
d0bff11b7a83d996227eaf27603f12298e8ccc3e5825250928d7345e3ba39a4e
-
Size
683KB
-
MD5
0e21780ce7cf319fab34d81a89aaaf3b
-
SHA1
4dbcaf3142479ef0652624f2d26000f20cb01c32
-
SHA256
d0bff11b7a83d996227eaf27603f12298e8ccc3e5825250928d7345e3ba39a4e
-
SHA512
ef2a609c2258f717d516fe461e32184a4b3afe85cb5d8e15529ec73c99c70fea1bb02009f01efc70cd7427522d1a7db0525e4cf159d10395e3dd64631e1cedf2
-
SSDEEP
12288:5Mr+y90njDZKDfCV399Bm6bXxMIvZf/045ECUgdmAL3ddy:ryGjCCJQ6rxN/0CDmALtdy
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-