General
Target: 1bfb25ea106b90d029f4822e733e881ad50bf0e2754a27052f19c4bfbcc178ff
Size: 940KB
Sample: 230410-y2dc1she9x
MD5: 59ecda06d2977dc1e11d37bd6cb482f9
SHA1: 53e8247ecea3e9730e9836ddf614ba915ed2f3d9
SHA256: 1bfb25ea106b90d029f4822e733e881ad50bf0e2754a27052f19c4bfbcc178ff
SHA512: 478e4388ddfb2982bc9ffeab3bb2b51b626aa0f6c374b18275a684643b8283a2f345da02fb4491386092bd4ac3b8e3f4ca4fab5b7014ba4f0a9375923a7c63b0
SSDEEP: 24576:Nyn+aIhvCpzRAPyC7cx88/58IuR94yV3jStxHxy:on+hQpqPNs88Kd9l4xR
Static task: static1
Malware Config
Extracted: redline
  rosn
  176.113.115.145:4125
  auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
  zima
  176.113.115.145:4125
  auth_value: 2ef701d510c0d27e8a8e3270281678b1
Targets
Target: 1bfb25ea106b90d029f4822e733e881ad50bf0e2754a27052f19c4bfbcc178ff
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.