General
- Target: 60c752cb346b4a958ef6d383f35e1870662a08c3b25a1a89ba0cb2a314d0f1d3
- Size: 939KB
- Sample: 230410-yxx7maga33
- MD5: 4b9732e0c41206fe010962887f003787
- SHA1: 07ef17f1206e8037eaabfadf5855bdfb06a9ccdb
- SHA256: 60c752cb346b4a958ef6d383f35e1870662a08c3b25a1a89ba0cb2a314d0f1d3
- SHA512: 747924d751068d15bc8504a73d3cc0c60b7c779a71506ed49e94b2a4fc89d5371ebf07dd4ef1d1b62afbb7cba90ec222a9fa40b32609e4debd7024c109edb8ce
- SSDEEP: 24576:5yGStxUgbNQ+Vfchah5/k+OH4TlIDPwIbf:sGSPNQuZh58+OHUIx
Static task
- static1

Malware Config
Extracted: redline
- rosn
- 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
- zima
- 176.113.115.145:4125
- auth_value: 2ef701d510c0d27e8a8e3270281678b1
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.