General
Target: d922aa6949d0d7d66f14057b3f4802221577c3e62f6504f76d24a8e16582ba34
Size: 672KB
Sample: 230331-weqnqade51
MD5: 712b61ca5cab93280cbc4c2a5a291a8b
SHA1: a55f76df7d94ddb435891e77905291e3f75de921
SHA256: d922aa6949d0d7d66f14057b3f4802221577c3e62f6504f76d24a8e16582ba34
SHA512: b4e6ae5b54f772dc6bf81424978698ce9a493e433bad89f1c2c14a6d32099bd31887d4d0a12f25db383b3b9a52510a6d042265637467c9e245de2d71b8b24980
SSDEEP: 12288:LMruy908kS5svH6fEjx+HbtgGiBHDQLpcgE6l1R9omaW+YcpeapT0ea:NyCS5eH6fEutgGhtQ6oZ/Reea
Static task: static1
Behavioral task: behavioral1
Sample: d922aa6949d0d7d66f14057b3f4802221577c3e62f6504f76d24a8e16582ba34.exe
Resource: win10v2004-20230220-en
Malware Config

Extracted
redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted
redline
spora
176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
Target: d922aa6949d0d7d66f14057b3f4802221577c3e62f6504f76d24a8e16582ba34
Size: 672KB
MD5: 712b61ca5cab93280cbc4c2a5a291a8b
SHA1: a55f76df7d94ddb435891e77905291e3f75de921
SHA256: d922aa6949d0d7d66f14057b3f4802221577c3e62f6504f76d24a8e16582ba34
SHA512: b4e6ae5b54f772dc6bf81424978698ce9a493e433bad89f1c2c14a6d32099bd31887d4d0a12f25db383b3b9a52510a6d042265637467c9e245de2d71b8b24980
SSDEEP: 12288:LMruy908kS5svH6fEjx+HbtgGiBHDQLpcgE6l1R9omaW+YcpeapT0ea:NyCS5eH6fEutgGhtQ6oZ/Reea
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.