General

Target: d2ecb95a0786ecc64b1f7cb3e1bf759122d0cdd14d8f19484bb0c15fdc5981d5
Size: 939KB
Sample: 230410-zc2vrahf6z
MD5: 44ac2fd6c0048e8d6a8d6cc90fdf6439
SHA1: 63dd52a5919cd769659a697fff0497dfb49d7923
SHA256: d2ecb95a0786ecc64b1f7cb3e1bf759122d0cdd14d8f19484bb0c15fdc5981d5
SHA512: f7a37b3e151c6a1559d992ad7ba83bc671e85a6faab4665c3970a48ae57a9ba99bf0ee99137a513c8ee17c12ca639f9b989e95a183dedd4b3a050757f38c672e
SSDEEP: 24576:VyySWrjMOzwkHVa4fTjdIg9si8VVdwn1a4gxKYk:wHWPxc644fdwi8Wntgx
Static task: static1

Malware Config

Extracted: redline
  rosn
  176.113.115.145:4125
  auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted: redline
  zima
  176.113.115.145:4125
  auth_value: 2ef701d510c0d27e8a8e3270281678b1
Targets

Target: d2ecb95a0786ecc64b1f7cb3e1bf759122d0cdd14d8f19484bb0c15fdc5981d5
Size: 939KB
MD5: 44ac2fd6c0048e8d6a8d6cc90fdf6439
SHA1: 63dd52a5919cd769659a697fff0497dfb49d7923
SHA256: d2ecb95a0786ecc64b1f7cb3e1bf759122d0cdd14d8f19484bb0c15fdc5981d5
SHA512: f7a37b3e151c6a1559d992ad7ba83bc671e85a6faab4665c3970a48ae57a9ba99bf0ee99137a513c8ee17c12ca639f9b989e95a183dedd4b3a050757f38c672e
SSDEEP: 24576:VyySWrjMOzwkHVa4fTjdIg9si8VVdwn1a4gxKYk:wHWPxc644fdwi8Wntgx

Signatures

- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.