General
Target: 4d49650943c2689fea6885a02f89901660e7e5d84697063b8e4e34a27d6e041d
Size: 533KB
Sample: 230331-1kpe3afa4v
MD5: 8c6a43a322902e1954d70784258d5a9e
SHA1: 677d0901d358b47b6ef1d52eda44bf26b7a38b0b
SHA256: 4d49650943c2689fea6885a02f89901660e7e5d84697063b8e4e34a27d6e041d
SHA512: bdc8c12323032b3f8352f7abd6d1a801cf52049a39867f43538ae1eb9980ca941571e4b0ebbddd816b13e9bef1ee4eba322ec7ce775400c4e5f14f729378d7b2
SSDEEP: 6144:KEy+bnr+0p0yN90QEgTrewtqz+vf2HSyTSroM64cgO3ZXv/rE3Lq6i89SOHPJycf:0MrEy90+yGySyy96fDY3LqsDHRycuzU
Static task: static1
Behavioral task: behavioral1
Sample: 4d49650943c2689fea6885a02f89901660e7e5d84697063b8e4e34a27d6e041d.exe
Resource: win10-20230220-en
Malware Config
Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
Family: redline
Botnet: spora
C2: 176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
Target: 4d49650943c2689fea6885a02f89901660e7e5d84697063b8e4e34a27d6e041d (533KB; hashes as listed under General)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Signatures:
RedLine payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.