General
Target: 8d4f0dfe560aafcc683734588101a581288233e44ea241cb600e283153b17c48
Size: 672KB
Sample: 230331-wk7t7ade8y
MD5: 7bdb3a5af74d9b3a5f135a29844b243b
SHA1: cd31735281eabe523bf9da7f96ebed39c3dc17b7
SHA256: 8d4f0dfe560aafcc683734588101a581288233e44ea241cb600e283153b17c48
SHA512: a51431ef99c4c60af358aa52bda69f82b7d229002c4c4bce97c5b9e6d6fa378147c8d9dab9860cfb1cf78f649ffaface7961845c919d66708e1acc23829364c2
SSDEEP: 12288:pMrUy90u71ilKx8LjUFmwkF8QlTmWYQC12somQq+Yfu/XplHu:9yjUQijfwkBCL1voH4svO
Static task: static1
Behavioral task: behavioral1
Sample: 8d4f0dfe560aafcc683734588101a581288233e44ea241cb600e283153b17c48.exe
Resource: win10v2004-20230220-en

Malware Config
Extracted: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted: redline
Botnet: spora
C2: 176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
Target: 8d4f0dfe560aafcc683734588101a581288233e44ea241cb600e283153b17c48
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.