General
Target: eff00716122cee5bf3f88fa76d005f9333c47445c47959be08ef043b0189383e
Size: 1.0MB
Sample: 230414-kbvbyshb57
MD5: 05e6c2fc61c94287a4220b4986ec67d6
SHA1: 45be9b4f2291af8b0d15555f052e628769fa8a29
SHA256: eff00716122cee5bf3f88fa76d005f9333c47445c47959be08ef043b0189383e
SHA512: 3bec9a24249ff7d5e9d68a845324365054ce6542a8429f20f139be2180fbcdf568371e6b21367597812d034780b427137d5820dfca9206cd580a8304f0d555a0
SSDEEP: 24576:VyG1xMrtyxQqlKfH149MQSMDL3LgGqcnmN:wI8pqYfH1MD3Hdqcm
Static task: static1
Malware Config
Extracted: redline
lada
185.161.248.90:4125
auth_value: 0b3678897547fedafe314eda5a2015ba
Extracted: redline
disa
185.161.248.90:4125
auth_value: 93f8c4ca7000e3381dd4b6b86434de05
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.