General
- Target: b1b9edba3110d3f6e1d37249f7c69ea5.bin
- Size: 632KB
- Sample: 230329-b15pjsec53
- MD5: 4bbe8986af6cf09a1e5598c2ef82d577
- SHA1: 2e03a172b3b756cd3261fda864abccd47363c45b
- SHA256: 1669b2f02005517b1da4e0ef4d4d2c3a47391789fc6bf28886bb0d0203c64115
- SHA512: a3b13341e318be8980cf5a843366115d14e35e833563722c8b108514db290c84f0cbf9bbef32051a10c03cf97668f9b60c6e16f7a60dc11e94b9a33b9f691eb4
- SSDEEP: 12288:4nbrTxVm0hoe2k8DPnnCXZtph52nqx0nMwNDCh43zmaA9celDA:43LmhxKcqYbrmaAyiA
Static task: static1
Behavioral task: behavioral1
- Sample: 63b4f86f6e094ed68e2da3ecf003605e743105d3fab1f1992d3896bc9bf0c3eb.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: 63b4f86f6e094ed68e2da3ecf003605e743105d3fab1f1992d3896bc9bf0c3eb.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted
- Family: redline
- Botnet: rosn
- C2: 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
- Family: redline
- Botnet: from
- C2: 176.113.115.145:4125
- auth_value: 8633e283485822a4a48f0a41d5397566
Targets
- Target: 63b4f86f6e094ed68e2da3ecf003605e743105d3fab1f1992d3896bc9bf0c3eb.exe
- Size: 675KB
- MD5: b1b9edba3110d3f6e1d37249f7c69ea5
- SHA1: 805be968dd146cb68492d9a6759ba6551f555008
- SHA256: 63b4f86f6e094ed68e2da3ecf003605e743105d3fab1f1992d3896bc9bf0c3eb
- SHA512: f4701376b91264b777db007ffe8dcbc0ce206765f0126487e2f944450687e48524d1edf1d7eca60231379f31ee4e20bc201e67552b2f594df6f41a2742cf1331
- SSDEEP: 12288:uMrsy90rGERgVYhFUUuG38kMcXBkFzW3WzNVNbo8kYZ0rWwaEJU46/BP:GyuiuBPRMcWFzbzTpJkvrWnb/5
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.