General
Target: 68ba6d5af3d879cd821ec56e3d6f6f47047e175f1df018d365606d7c1df63327
Size: 940KB
Sample: 230410-z717pshh4w
MD5: 43ed72dd88b85aee45175ca7b4746a6a
SHA1: 4b153dfe6369aab119a814a3f02d6bb2336df62e
SHA256: 68ba6d5af3d879cd821ec56e3d6f6f47047e175f1df018d365606d7c1df63327
SHA512: 5014f90dbffa505bafc35ef6857a7d511da585c344d71d50ad69a9d429f36242ea84c07a5a29082354d7f438e313676730c5fc5723c47da53910f95670b8534f
SSDEEP: 24576:jyAs6Cl7NcW5bl6QpniZiIZuiFLffmmq+Od:2hDRywhn77iZx4
Static task: static1
Malware Config
Extracted: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
Botnet: zima
C2: 176.113.115.145:4125
auth_value: 2ef701d510c0d27e8a8e3270281678b1
Both extracted configs use the same C2 endpoint, 176.113.115.145:4125, and differ only in botnet ID and auth_value; the IP:port pair is the network indicator to block or hunt for.
Targets
Target: 68ba6d5af3d879cd821ec56e3d6f6f47047e175f1df018d365606d7c1df63327 (940KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
RedLine
RedLine Stealer is an information-stealing malware family written in C# (.NET), first seen in early 2020.
RedLine payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Persistence via a value written under Software\Microsoft\Windows\CurrentVersion\Run so the payload is launched at logon.
Checks installed software on the system
Looks up Uninstall key entries in the registry (Software\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate the software installed on the system.
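The following is an added example, not part of the Triage report: it takes the two extracted RedLine configs above (C2 endpoint, botnet ID, auth_value) and the three behavioural signatures (C2 connection, Run-key persistence, Uninstall-key enumeration) and turns them into detection logic run over constructed event records. The event dicts, file paths, the second destination IP and the `ExampleApp` uninstall subkey are invented for illustration and are not from the sandbox run. Note the caveat encoded in the record types: Sysmon logs registry value writes (Event ID 13) but not reads, so the Uninstall-key lookup is only observable from an API trace such as a sandbox produces, which is why it is modelled as a separate `registry_open` record rather than a Sysmon event.

```python
"""Detection helpers derived from the RedLine Triage report (added example).

Config values are copied from the report's "Malware Config" section. All event
records below are constructed for the example and are not sandbox output.
"""
import re
from dataclasses import dataclass

# Extracted configs exactly as listed in the report.
REDLINE_CONFIGS = [
    {"botnet": "rosn", "c2": "176.113.115.145:4125",
     "auth_value": "050a19e1db4d0024b0f23b37dcf961f4"},
    {"botnet": "zima", "c2": "176.113.115.145:4125",
     "auth_value": "2ef701d510c0d27e8a8e3270281678b1"},
]

# Registry key patterns behind the two registry signatures in the report.
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
UNINSTALL_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)


def c2_endpoints(configs):
    """Collapse all extracted configs to the set of distinct (ip, port) C2 endpoints."""
    endpoints = set()
    for cfg in configs:
        host, port = cfg["c2"].rsplit(":", 1)
        endpoints.add((host, int(port)))
    return endpoints


@dataclass(frozen=True)
class Finding:
    rule: str
    image: str
    evidence: str


def scan_events(events, configs=REDLINE_CONFIGS):
    """Apply three checks matching the report's signatures to event dicts:
    - "network" records whose destination is a known RedLine C2,
    - "registry_set" records writing under a Run key (persistence),
    - "registry_open" records (API trace) under the Uninstall key (software enumeration).
    Returns a list of Finding in event order."""
    c2 = c2_endpoints(configs)
    findings = []
    for ev in events:
        kind = ev["type"]
        if kind == "network" and (ev["dst_ip"], ev["dst_port"]) in c2:
            findings.append(Finding("redline_c2", ev["image"], f"{ev['dst_ip']}:{ev['dst_port']}"))
        elif kind == "registry_set" and RUN_KEY.search(ev["key"]):
            findings.append(Finding("run_key_persistence", ev["image"], f"{ev['key']}\\{ev['value']}"))
        elif kind == "registry_open" and UNINSTALL_KEY.search(ev["key"]):
            findings.append(Finding("installed_software_enum", ev["image"], ev["key"]))
    return findings


# Constructed sample events (illustrative paths and a documentation-range IP; not sandbox data).
DROPPED = r"C:\Users\user\AppData\Local\Temp\dropped.exe"
SAMPLE_EVENTS = [
    {"type": "network", "image": DROPPED, "dst_ip": "176.113.115.145", "dst_port": 4125},
    {"type": "network", "image": r"C:\Windows\System32\svchost.exe", "dst_ip": "203.0.113.5", "dst_port": 443},
    {"type": "registry_set", "image": DROPPED,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "value": "dropped"},
    {"type": "registry_open", "image": DROPPED,
     "key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ExampleApp"},
    {"type": "registry_open", "image": r"C:\Windows\explorer.exe",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer"},
]

if __name__ == "__main__":
    for f in scan_events(SAMPLE_EVENTS):
        print(f"{f.rule:25} {f.image}  {f.evidence}")
```

Running the block flags only the three events attributable to the dropped executable; the benign svchost.exe connection and explorer.exe registry access produce no findings. Because `c2_endpoints` deduplicates across configs, the two botnet IDs collapse to a single network indicator, which is what a firewall or proxy blocklist actually needs.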