General
Target: 9a312c4842f686e4e35bf00934fbf3a0d46d3d76af216e06978048406815810a
Size: 940KB
Sample: 230410-y1gdaahe81
MD5: e16087743eebc53a87905df46125a260
SHA1: eb0ef78ba68c022e65c7f51c7a19f5a1c49dcb60
SHA256: 9a312c4842f686e4e35bf00934fbf3a0d46d3d76af216e06978048406815810a
SHA512: e2b935516ae7238c72b82463ae5d6c93ec6cdb3f891d6a69fb506969f7b2581d9afd74c57cc4baed0c229d8d06821652aaf1ca7f707b0636ae706034e88521ef
SSDEEP: 24576:AyBZjFGPBAg9i5SIBQfM8Yb0IEY49UE1NJiWQXC:HBJFGpdi9QfM8V59U8NAW
Static task: static1

Malware Config
Extracted: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted: redline
zima
176.113.115.145:4125
auth_value: 2ef701d510c0d27e8a8e3270281678b1
Targets
Target: 9a312c4842f686e4e35bf00934fbf3a0d46d3d76af216e06978048406815810a (same file as under General above; size and hashes listed there)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.