General
Target: 93a5d338087cb8075a8bd88e9f61e725e512335dfde80b04ceb3dc53dc65f713
Size: 790KB
Sample: 230410-1n5w8age25
MD5: 5cf6cdb76bc843ce1cd2c6bbc60718ed
SHA1: 9bed8d505f10d1f885c5a17a7c618bbee8206ae2
SHA256: 93a5d338087cb8075a8bd88e9f61e725e512335dfde80b04ceb3dc53dc65f713
SHA512: ae8a9b322c66622bc2f735c43fa8e0f24e12ba36d41a4f3c9f63ee5a7a95e0a591209714c3e7101da230265c916c3c92c61918e55621404a48c4a8470aa91177
SSDEEP: 24576:hyHYk5U6w00CB5oGZZTxfot5VZXnnblHHAGWaPdZ:UbS6w00ooGZZTxUPnJAGWaP
Static task: static1
Malware Config
Extracted: redline (rosn) 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline (spora) 176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
Target: 93a5d338087cb8075a8bd88e9f61e725e512335dfde80b04ceb3dc53dc65f713
Size: 790KB
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.