General
Target: 5e4ebf39b68ee065486f566c41927a65db5aeb9a688b738a47ec36bf21b2c2b3
Size: 924KB
Sample: 230409-yxtt7sch43
MD5: 4e3a882385f223f67be5123b973507be
SHA1: 22d5ee7eaf57b11d60b3038c76cab111f6923535
SHA256: 5e4ebf39b68ee065486f566c41927a65db5aeb9a688b738a47ec36bf21b2c2b3
SHA512: 68e009c9f664a23dbf21078165e3aaa0c67796045a469b9e16a58b3d30d314ef509fd36b77ea9cfe6077867d40c4f47a661b44bc640b00173d35a4a19613ff73
SSDEEP: 24576:+y6Wlmv7AbRk1Y4r0/KzqSpuz8xMl+yLg3Hp6m+echzC:NvlmjAK1Y4rmrz+MRw8DJ
Static task: static1
Malware Config
Extracted: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
Botnet: spora
C2: 176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
Target: 5e4ebf39b68ee065486f566c41927a65db5aeb9a688b738a47ec36bf21b2c2b3 (924KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry (SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate the software installed on the system.