General
- Target: 2449354953927fb079e230952041ed6d7da5cf2d22538aef64f2399ec8236b7a
- Size: 672KB
- Sample: 230331-wb74lade3x
- MD5: 5ee89391af96b58f7be8ef779ed86866
- SHA1: f1f64b4f1e4680a00788e6bccce7788b4ab1cde1
- SHA256: 2449354953927fb079e230952041ed6d7da5cf2d22538aef64f2399ec8236b7a
- SHA512: 802249fff6a6972b2fe09ae1ad716352b87ddd8b8eabc1b709f90a5bce4682138ecf3faea7ea6c6e309f0c3ec322331ebcb5ffb8f21267f386f83fbf9b846137
- SSDEEP: 12288:lMrUy90YE5lURXjp9DRt+q0av0uJIbjmAvvpLPomJK+Ya6Kepssn:py1RXt99tMavabjBZoeHkS2
Static task: static1
Behavioral task: behavioral1
- Sample: 2449354953927fb079e230952041ed6d7da5cf2d22538aef64f2399ec8236b7a.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted
- redline
- rosn
- 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
- redline
- spora
- 176.113.115.145:4125
- auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
- Target: 2449354953927fb079e230952041ed6d7da5cf2d22538aef64f2399ec8236b7a
- Size: 672KB
- MD5: 5ee89391af96b58f7be8ef779ed86866
- SHA1: f1f64b4f1e4680a00788e6bccce7788b4ab1cde1
- SHA256: 2449354953927fb079e230952041ed6d7da5cf2d22538aef64f2399ec8236b7a
- SHA512: 802249fff6a6972b2fe09ae1ad716352b87ddd8b8eabc1b709f90a5bce4682138ecf3faea7ea6c6e309f0c3ec322331ebcb5ffb8f21267f386f83fbf9b846137
- SSDEEP: 12288:lMrUy90YE5lURXjp9DRt+q0av0uJIbjmAvvpLPomJK+Ya6Kepssn:py1RXt99tMavabjBZoeHkS2
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.