General
Target: bd1b362e5decd812b883a62629913188a790f3f49b55b52aa9108b63e35e89e8
Size: 992KB
Sample: 230411-pjdrdsea7t
MD5: 833a4c872473812bc08ed60beb3df591
SHA1: 72b6da8b6157fade901cd889f1ef9313718d0448
SHA256: bd1b362e5decd812b883a62629913188a790f3f49b55b52aa9108b63e35e89e8
SHA512: 1f805cbb051957835f9e9f71f831b35b8c434d91eee0fc8e5b1d5cb06acb6ac4f7fbb23020d03f9fe67d55a4508da9e98587454b87d1bbb962f092388761a1de
SSDEEP: 24576:LyTkW0dAmUbWmMGNefADDCg+MKFqTmeqH2:+THw4bWLGNeYDDC5qqh
Static task: static1
Behavioral task: behavioral1
Sample: bd1b362e5decd812b883a62629913188a790f3f49b55b52aa9108b63e35e89e8.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets
Target: bd1b362e5decd812b883a62629913188a790f3f49b55b52aa9108b63e35e89e8
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.