General

Target: d853f53be5a10784115daec17a12bc3b057db3ba6ad616a3ae3f174f434a64c5
Size: 682KB
Sample: 230328-k8wahsbh2s
MD5: 0d6040de3aec3c4e81260e7217f6eb1f
SHA1: 95f6dcf1636a96e6b76c690f9fbd81f865ae2e9d
SHA256: d853f53be5a10784115daec17a12bc3b057db3ba6ad616a3ae3f174f434a64c5
SHA512: ee88c188755a4f5edeed15a26689b5f449135ac42a2d4af066367d861dc31ce6512b8301696f1cbaeb632ea2968b19fbdda89a217993a3138a536586c81333fe
SSDEEP: 12288:DMr7y90b2sjFr4XlqpcwEkkBZRBKwBsaIpw1GEQ9U4BmQL36bOn/t:YyG5r4XscwEkeRBKEswYEU9mQLqaF
Static task: static1
Behavioral task: behavioral1
Sample: d853f53be5a10784115daec17a12bc3b057db3ba6ad616a3ae3f174f434a64c5.exe
Resource: win10v2004-20230220-en
Malware Config

Extracted
redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted
redline
from 176.113.115.145:4125
auth_value: 8633e283485822a4a48f0a41d5397566
Targets

Target: d853f53be5a10784115daec17a12bc3b057db3ba6ad616a3ae3f174f434a64c5
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.