General
Target: f0dd8f4d0c36a0e3e2a7c9f5c9a39bdaedb3864632491aa04e59bef957a9ada5
Size: 683KB
Sample: 230328-kr22qsbg2w
MD5: d5b62f399e3a8519aab01f34fb802d29
SHA1: 5a651a033550f74bad8af4eea328dfcbecb8fe5d
SHA256: f0dd8f4d0c36a0e3e2a7c9f5c9a39bdaedb3864632491aa04e59bef957a9ada5
SHA512: 3b2881459c07de3aceded7ca905cb74d62cbeb7e35572d70499de57fe38953ddbc45bde06ddd18ab8ea405d8ba0078b78b7f93ba802c2895239031b79fe4e713
SSDEEP: 12288:TMrIy905N85DQOJWYdf7pbOxHbopXTsezxU/gmuL3/jO4hhj:nyQiLVmcpXTsezx7muLva4hB
Static task: static1
Behavioral task: behavioral1
Sample: f0dd8f4d0c36a0e3e2a7c9f5c9a39bdaedb3864632491aa04e59bef957a9ada5.exe
Resource: win10-20230220-en
Malware Config
Extracted: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted: redline
from
176.113.115.145:4125
auth_value: 8633e283485822a4a48f0a41d5397566
Targets
Target: f0dd8f4d0c36a0e3e2a7c9f5c9a39bdaedb3864632491aa04e59bef957a9ada5
Size: 683KB
MD5: d5b62f399e3a8519aab01f34fb802d29
SHA1: 5a651a033550f74bad8af4eea328dfcbecb8fe5d
SHA256: f0dd8f4d0c36a0e3e2a7c9f5c9a39bdaedb3864632491aa04e59bef957a9ada5
SHA512: 3b2881459c07de3aceded7ca905cb74d62cbeb7e35572d70499de57fe38953ddbc45bde06ddd18ab8ea405d8ba0078b78b7f93ba802c2895239031b79fe4e713
SSDEEP: 12288:TMrIy905N85DQOJWYdf7pbOxHbopXTsezxU/gmuL3/jO4hhj:nyQiLVmcpXTsezx7muLva4hB

RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.