General
Target: 360cd8fb2e3c99d2d651f42411a1c024104fd191cc9eedbbe6975b89bf999a6b
Size: 938KB
Sample: 230410-y9h88sga86
MD5: 0821bdb99698a1a91c254909761d0abb
SHA1: 54d911e13203c6305e912fdc381c3dadd38d1b87
SHA256: 360cd8fb2e3c99d2d651f42411a1c024104fd191cc9eedbbe6975b89bf999a6b
SHA512: eb7bf8523680cf229b8baa17f80563ab51ea8d9ff5910e9b3ac115e9ba9b04f0da73ed69bd504cc76c77416348e59df54e4f37cbcdb59a18f323db01624b9c2a
SSDEEP: 12288:JMrSy906E+VILP6r67v+btENGYT4IK7CYsIf9yXurMUfST76JYGmbTlMd:Tya+rr6wtnYUIfYsIfUXurFSCJtd
Static task: static1
Malware Config
Extracted (redline)
- Botnet: rosn
- C2: 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted (redline)
- Botnet: zima
- C2: 176.113.115.145:4125
- auth_value: 2ef701d510c0d27e8a8e3270281678b1
Targets
Target: 360cd8fb2e3c99d2d651f42411a1c024104fd191cc9eedbbe6975b89bf999a6b
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Signatures
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.