General

- Target: 8e759ef1ad2a045ed8674b3706ac43f15e8df01b7715024630fdbc70a3403d1b
- Size: 802KB
- Sample: 230410-yv3dkafh96
- MD5: 54828af02734ff4fc3896e96a9abb4a1
- SHA1: cd19085bc6b7feb4126e1d62e1b9d59ba23ab82f
- SHA256: 8e759ef1ad2a045ed8674b3706ac43f15e8df01b7715024630fdbc70a3403d1b
- SHA512: 8101fdf904040eb9c75de7f6e58200f7666d1429e03ef76be8bcb09cd0348c3c21ed7ef1e52c7630816243d1983c1d45313c5e6bb7e05e27b44ad0e491c35a5f
- SSDEEP: 12288:WMroy90+1jRH/fZO1J9SWAPiid5hDZ6tOiq6WUxK7CR8slebC5jrGvZrrGzs495a:KyV1hw/APrP6ttDxf7Eb0HGhmzdOP

Static task: static1
Malware Config

Extracted: redline
- rosn
- 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted: redline
- zima
- 176.113.115.145:4125
- auth_value: 2ef701d510c0d27e8a8e3270281678b1
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.