General
Target: 5fa4e9817ffd5401599d3953f5ce080a2a3c1955fa3af2e60ede42eed52e2284
Size: 938KB
Sample: 230410-znq8dsgc24
MD5: 1fee4cf9a946a0123830edcb4efaa678
SHA1: 603e59e986df51e1940bd862b8dd7071d1fdb0af
SHA256: 5fa4e9817ffd5401599d3953f5ce080a2a3c1955fa3af2e60ede42eed52e2284
SHA512: 0c78f05ad46f9077a9073b6054a56c52f9745dd127f97b59fe62c3801b3d2b54eba2a6a8b29f9225cba1f1d3473b8914480144adb849a3b00e51fa531c26505e
SSDEEP: 24576:AyMMNmzcPc4geaNaEWkH31pXIm9GSfP/pUwn0Vj:HIzcPyeaoEPH3n4SX/pUU
Static task: static1
Malware Config
Extracted: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
zima
176.113.115.145:4125
auth_value: 2ef701d510c0d27e8a8e3270281678b1
Targets
Target: 5fa4e9817ffd5401599d3953f5ce080a2a3c1955fa3af2e60ede42eed52e2284
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.