General
- Target: ef8a75c6b45b8bd204ef6afe1ee88e5ac7684adcad21f991523dfefc5d7479e0
- Size: 940KB
- Sample: 230410-zlr2xahg2z
- MD5: 025b3503d9747eec7ec048e09f5e007f
- SHA1: 203efea7b4c025cf592e50f90ec35e1a06803c4e
- SHA256: ef8a75c6b45b8bd204ef6afe1ee88e5ac7684adcad21f991523dfefc5d7479e0
- SHA512: 6987fa26706c13bc961ae070cd74674ae31e64f1ef001612fae308712959b4927479c7df0b9c3c24e8ebc49b8e38eabcaf14f7d2708a9f7095576416e537787e
- SSDEEP: 24576:5yeX8lfG6RSiQE9lK5cIPpgR3jSN7Cpom:s+886f9lJsgdW0o
Static task: static1
Malware Config
Extracted
- redline
- rosn
- 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
- redline
- zima
- 176.113.115.145:4125
- auth_value: 2ef701d510c0d27e8a8e3270281678b1
Targets
- Target: ef8a75c6b45b8bd204ef6afe1ee88e5ac7684adcad21f991523dfefc5d7479e0
- Size: 940KB
- MD5: 025b3503d9747eec7ec048e09f5e007f
- SHA1: 203efea7b4c025cf592e50f90ec35e1a06803c4e
- SHA256: ef8a75c6b45b8bd204ef6afe1ee88e5ac7684adcad21f991523dfefc5d7479e0
- SHA512: 6987fa26706c13bc961ae070cd74674ae31e64f1ef001612fae308712959b4927479c7df0b9c3c24e8ebc49b8e38eabcaf14f7d2708a9f7095576416e537787e
- SSDEEP: 24576:5yeX8lfG6RSiQE9lK5cIPpgR3jSN7Cpom:s+886f9lJsgdW0o
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.