General
Target: 621d2debe8fa25cb6d1ca416949cca088748600bc1993541253ea60e49c18cf0
Size: 800KB
Sample: 230410-z4qlssgc89
MD5: bf34f191c72b13d1bc7b154aa5e0664a
SHA1: cd57bc8e791bddc1719cd696fb3cc58a7941bed9
SHA256: 621d2debe8fa25cb6d1ca416949cca088748600bc1993541253ea60e49c18cf0
SHA512: 9e11a4040e84959cb8c9f3a40960f164391262f8193b2da789067c1ce890264422abb733e239de7aa08377c377fffaf3d6c539db34f920beae85b47717c4f22b
SSDEEP: 24576:fyHvZFVS9C8cYSuxfc3Avr6FDswnbZHHTr1:qHvg9C8cYRx5PQF
Static task
static1
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
zima
176.113.115.145:4125
auth_value: 2ef701d510c0d27e8a8e3270281678b1
Targets
Target: 621d2debe8fa25cb6d1ca416949cca088748600bc1993541253ea60e49c18cf0
Size: 800KB
MD5: bf34f191c72b13d1bc7b154aa5e0664a
SHA1: cd57bc8e791bddc1719cd696fb3cc58a7941bed9
SHA256: 621d2debe8fa25cb6d1ca416949cca088748600bc1993541253ea60e49c18cf0
SHA512: 9e11a4040e84959cb8c9f3a40960f164391262f8193b2da789067c1ce890264422abb733e239de7aa08377c377fffaf3d6c539db34f920beae85b47717c4f22b
SSDEEP: 24576:fyHvZFVS9C8cYSuxfc3Avr6FDswnbZHHTr1:qHvg9C8cYRx5PQF
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.