General
Target: 9e213193fbfa7055c90747d6390158f9178532236886252eb4a0cbae12ee9f76
Size: 672KB
Sample: 230331-w98g1sce37
MD5: ce40e4e09da8781d8c69966f2253127a
SHA1: 2b6ba94ad47273298a66887c82015b513c3e5f7e
SHA256: 9e213193fbfa7055c90747d6390158f9178532236886252eb4a0cbae12ee9f76
SHA512: 6494b3394f06d16e7139831a28515f91ea2cce4abdd911924a3f97ee34efcc84e5001989933e93a36bf8fbd834abfbce01b680e0f28c850422ff0a4c3adf2280
SSDEEP: 12288:+Mr7y90IqW1o67U/eB727Gr9NCZbomnZ+Yc5o4pahYCN:py/qSe+cMCZboxlFEhYCN
Static task: static1
Behavioral task: behavioral1
Sample: 9e213193fbfa7055c90747d6390158f9178532236886252eb4a0cbae12ee9f76.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
Family: redline
Botnet: spora
C2: 176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.