General
- Target: 9263cb167a13835ce4e9a823ceb0d9174db935c672dd5c396e1c95e4a1d0b845
- Size: 939KB
- Sample: 230410-x65sdsfg39
- MD5: b2ea987c7a7cab74ed6af78782155d0c
- SHA1: ee9cab6e043da026d2971effb1c4f1a2c82127ee
- SHA256: 9263cb167a13835ce4e9a823ceb0d9174db935c672dd5c396e1c95e4a1d0b845
- SHA512: 25ae5f37ea03adef30ad4158b2457f7433ed379d2aa88a7e7f3d8f42c80e4157b28e0269e17e21ed87e63e1de7c522562368448f4cf2857a73b307d08e007263
- SSDEEP: 24576:dynNlZHj1wkMGKSic9l4d4efIjtdtfgJCZ4w:4nNlFZyA4d398Z
Static task
- static1

Malware Config
Extracted
- Family: redline
- Botnet: rosn
- C2: 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
- Family: redline
- Botnet: zima
- C2: 176.113.115.145:4125
- auth_value: 2ef701d510c0d27e8a8e3270281678b1
Targets
- Target: 9263cb167a13835ce4e9a823ceb0d9174db935c672dd5c396e1c95e4a1d0b845
- Size: 939KB
- MD5: b2ea987c7a7cab74ed6af78782155d0c
- SHA1: ee9cab6e043da026d2971effb1c4f1a2c82127ee
- SHA256: 9263cb167a13835ce4e9a823ceb0d9174db935c672dd5c396e1c95e4a1d0b845
- SHA512: 25ae5f37ea03adef30ad4158b2457f7433ed379d2aa88a7e7f3d8f42c80e4157b28e0269e17e21ed87e63e1de7c522562368448f4cf2857a73b307d08e007263
- SSDEEP: 24576:dynNlZHj1wkMGKSic9l4d4efIjtdtfgJCZ4w:4nNlFZyA4d398Z

- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.