General
-
Target
e67eb25cb317eec396266c893ed7383b44ee4f953549f86402681150c176941c
-
Size
801KB
-
Sample
230410-z6embagd22
-
MD5
0ba3a514344293b2931b1ad119810782
-
SHA1
d9cf56390cc9e2eb4a301121dccb17ec59896bca
-
SHA256
e67eb25cb317eec396266c893ed7383b44ee4f953549f86402681150c176941c
-
SHA512
08d55f12418fa012ae82e0c91934d870c1f7c2f74c92984ceec84f1904bdb7da61e3920dcddc48daf07512d3ab4efe6f6e1f3b3296e6d8fd33d5c5ee0e532ffc
-
SSDEEP
12288:AMr6y90l0QIatUJndK1pocYxK7C8MrEfkRkO7yf1TuJTELLZi6iCkJN:qy80WUJOoxxfvx741TKWw6EH
Static task
static1
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
zima
176.113.115.145:4125
-
auth_value
2ef701d510c0d27e8a8e3270281678b1
Targets
-
-
Target
e67eb25cb317eec396266c893ed7383b44ee4f953549f86402681150c176941c
-
Size
801KB
-
MD5
0ba3a514344293b2931b1ad119810782
-
SHA1
d9cf56390cc9e2eb4a301121dccb17ec59896bca
-
SHA256
e67eb25cb317eec396266c893ed7383b44ee4f953549f86402681150c176941c
-
SHA512
08d55f12418fa012ae82e0c91934d870c1f7c2f74c92984ceec84f1904bdb7da61e3920dcddc48daf07512d3ab4efe6f6e1f3b3296e6d8fd33d5c5ee0e532ffc
-
SSDEEP
12288:AMr6y90l0QIatUJndK1pocYxK7C8MrEfkRkO7yf1TuJTELLZi6iCkJN:qy80WUJOoxxfvx741TKWw6EH
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-