General
- Target: 371a4377bd5a81c54ea09aa16ee88147aaa6fb35b9976b5001a1748f2bdd21bb
- Size: 671KB
- Sample: 230331-1h9yzsdf73
- MD5: 2851a0e0c46a4da0d24e37da7ee6d4fd
- SHA1: 244693987d5a8a14f9164b77a6c8dd211bd05bfe
- SHA256: 371a4377bd5a81c54ea09aa16ee88147aaa6fb35b9976b5001a1748f2bdd21bb
- SHA512: ffea9853db058802002b8d98cd2f5f0cc3aca113886e98ea141071d1f5af442669ecf3191d7e33ec7e5a4af807b44611cf662c43b526b8b243329e9b59a0590c
- SSDEEP: 12288:4MrCy90ug5OFsgCVn85d90iT0fgqM9THJCy+3Uy3LqrwTlQRSF4bD:6y7CTgCUdCiT0fUjJCyoUy3GrMlQRSFI
Static task: static1
Behavioral task: behavioral1
- Sample: 371a4377bd5a81c54ea09aa16ee88147aaa6fb35b9976b5001a1748f2bdd21bb.exe
- Resource: win10-20230220-en
Malware Config
Extracted: redline
rosn
176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
spora
176.113.115.145:4125
- auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
- Target: 371a4377bd5a81c54ea09aa16ee88147aaa6fb35b9976b5001a1748f2bdd21bb
- Size: 671KB
- MD5: 2851a0e0c46a4da0d24e37da7ee6d4fd
- SHA1: 244693987d5a8a14f9164b77a6c8dd211bd05bfe
- SHA256: 371a4377bd5a81c54ea09aa16ee88147aaa6fb35b9976b5001a1748f2bdd21bb
- SHA512: ffea9853db058802002b8d98cd2f5f0cc3aca113886e98ea141071d1f5af442669ecf3191d7e33ec7e5a4af807b44611cf662c43b526b8b243329e9b59a0590c
- SSDEEP: 12288:4MrCy90ug5OFsgCVn85d90iT0fgqM9THJCy+3Uy3LqrwTlQRSF4bD:6y7CTgCUdCiT0fUjJCyoUy3GrMlQRSFI
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.