General
-
Target
d1828b43c9c8e708261943174fefb05104bed2440aa1fe56401bf5fa91800098
-
Size
941KB
-
Sample
230410-yzlavaga37
-
MD5
b70e69da61753d54584199b2b91bd4b1
-
SHA1
5acf25fe572188f5b1b7a184465dfb61a336fc8f
-
SHA256
d1828b43c9c8e708261943174fefb05104bed2440aa1fe56401bf5fa91800098
-
SHA512
eebc0c3ba220dbfc644256f2b548f975ec044e338171989078f97a30f10b8479a0c92e5346ff3df828d0990873eace9174d550d7f9f66e9d154ba9dc9296c555
-
SSDEEP
24576:7yQC+bfJCgwwN4lTrRovtfqJINnrA/0zN7tzLi5l:uQxfJCgn4l/RotcA40Z7pa
Static task
static1
Malware Config
Extracted
Family
redline
Botnet
rosn
C2
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
Family
redline
Botnet
zima
C2
176.113.115.145:4125
-
auth_value
2ef701d510c0d27e8a8e3270281678b1
Targets
-
Target
d1828b43c9c8e708261943174fefb05104bed2440aa1fe56401bf5fa91800098
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
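The behaviours listed above (dropped EXE execution, Run-key persistence, Uninstall-key enumeration, wallet access) together with the C2 extracted in the Malware Config section, expressed as detection rules over an API-call trace. This is an added example and not the sandbox's own signature code: the trace line format, the set of wallet directories and the trace lines themselves are constructed assumptions for illustration; only the C2 address 176.113.115.145:4125 comes from the report.

```python
"""Rule-based evaluation of the behaviours this report lists, run over a
constructed API-call trace (added example, not the sandbox's own code)."""
import re
from collections import defaultdict

C2 = "176.113.115.145:4125"   # RedLine C2 shared by both extracted configs

# Assumed trace format, one API call per line: "<pid> <api>(<arg1>, <arg2>, ...)".
LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\((?P<args>.*)\)$")

RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)
UNINSTALL_KEY = re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.I)
# Assumed illustrative wallet locations; the report names no specific wallet.
WALLET_PATH = re.compile(r"\\(Electrum|Exodus|Ethereum\\keystore)\\", re.I)


def parse_trace(text):
    """Parse trace lines into (pid, api, [args]) tuples; malformed lines are skipped."""
    events = []
    for raw in text.strip().splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            args = [a.strip().strip('"') for a in m["args"].split(",")]
            events.append((int(m["pid"]), m["api"], args))
    return events


def evaluate(events):
    """Return {signature name: sorted list of pids} for the behaviours matched."""
    hits = defaultdict(set)
    written = set()  # lower-cased paths opened for writing by any traced process
    for pid, api, args in events:
        target = args[0] if args else ""
        if api.startswith("RegSetValueEx") and RUN_KEY.search(target):
            hits["Adds Run key to start application"].add(pid)
        elif api.startswith("RegEnumKeyEx") and UNINSTALL_KEY.search(target):
            hits["Checks installed software on the system"].add(pid)
        elif api.startswith("CreateFile"):
            if WALLET_PATH.search(target):
                hits["Accesses cryptocurrency files/wallets"].add(pid)
            if len(args) > 1 and args[1].upper() == "GENERIC_WRITE":
                written.add(target.lower())
        elif api.startswith("CreateProcess") and target.lower() in written:
            # Stateful rule: the image being launched was written earlier in the trace.
            hits["Executes dropped EXE"].add(pid)
        elif api == "connect" and target == C2:
            hits["RedLine C2 traffic"].add(pid)
    return {sig: sorted(pids) for sig, pids in hits.items()}


# Constructed trace mimicking the reported behaviour; not a real capture.
SAMPLE_TRACE = r"""
1200 CreateFileW("C:\Users\u\AppData\Local\Temp\build.exe", GENERIC_WRITE)
1200 WriteFile("C:\Users\u\AppData\Local\Temp\build.exe", 402432)
1200 CreateProcessW("C:\Users\u\AppData\Local\Temp\build.exe")
1348 RegSetValueExW("HKCU\Software\Microsoft\Windows\CurrentVersion\Run\build", REG_SZ)
1348 RegOpenKeyExW("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall")
1348 RegEnumKeyExW("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall", 0)
1348 CreateFileW("C:\Users\u\AppData\Roaming\Electrum\wallets\default_wallet", GENERIC_READ)
1348 connect("176.113.115.145:4125")
1348 RegSetValueExW("HKCU\Software\Classes\.txt\shell\open\command", REG_SZ)
"""


def run_sample():
    """Evaluate the constructed trace and return the matched signatures."""
    return evaluate(parse_trace(SAMPLE_TRACE))


if __name__ == "__main__":
    for sig, pids in run_sample().items():
        print(f"{sig}: pids {pids}")
```

The "Executes dropped EXE" rule is the one worth copying: it only fires when the launched image was opened for writing earlier in the same trace, which is what separates a dropper from a process that merely starts an existing binary. The last trace line shows a registry write outside the Run key being correctly ignored. A real sandbox or EDR logs these calls in its own schema, so the line parser would change, but the rule logic carries over unchanged.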