General
-
Target
58e48db3057c0c5a1e2fbfc725680ea54145377ce739f8d53601663ab5152392
-
Size
684KB
-
Sample
230328-ka1scabf2w
-
MD5
216f79ce0dbdbc2b23080d74063c8bb5
-
SHA1
5f45d182f3145a385a33551854cebdb29bf0667e
-
SHA256
58e48db3057c0c5a1e2fbfc725680ea54145377ce739f8d53601663ab5152392
-
SHA512
9fb77d31a62b627aad682cd71a9cf7bb41c2020cb98aa91455b1c79bf4546a19b951163d3a8528eeae9b96276f3b4c1b367580a8be49ee216a48e6819b0babda
-
SSDEEP
12288:JMrOy90vW/RGdM+xD+LKYMAKDsNWBJUyembL3wid1N:3yQyRsb+rKDsNWBJ+mbLgeN
Static task
static1
Behavioral task
behavioral1
Sample
58e48db3057c0c5a1e2fbfc725680ea54145377ce739f8d53601663ab5152392.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
from
176.113.115.145:4125
-
auth_value
8633e283485822a4a48f0a41d5397566
Targets
-
-
Target
58e48db3057c0c5a1e2fbfc725680ea54145377ce739f8d53601663ab5152392
-
Size
684KB
-
MD5
216f79ce0dbdbc2b23080d74063c8bb5
-
SHA1
5f45d182f3145a385a33551854cebdb29bf0667e
-
SHA256
58e48db3057c0c5a1e2fbfc725680ea54145377ce739f8d53601663ab5152392
-
SHA512
9fb77d31a62b627aad682cd71a9cf7bb41c2020cb98aa91455b1c79bf4546a19b951163d3a8528eeae9b96276f3b4c1b367580a8be49ee216a48e6819b0babda
-
SSDEEP
12288:JMrOy90vW/RGdM+xD+LKYMAKDsNWBJUyembL3wid1N:3yQyRsb+rKDsNWBJ+mbLgeN
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-