General
Target: f0d925dad1755590d7435a836609a9a2d37c47da8d8a2542d5af48e2d26f0753
Size: 672KB
Sample: 230331-wwsveadf8w
MD5: 6a3034805e5875a97b12eb5f4ae98476
SHA1: 92703e457946359fbfa7565a64ea88a0fd5610b7
SHA256: f0d925dad1755590d7435a836609a9a2d37c47da8d8a2542d5af48e2d26f0753
SHA512: 354f80a831a5496514e24577d2abf96efdd76f11ad4ce0785bb00a1da2f00ec7b5fe5f9b662ecd677be59c2c3ca76d7943865dfc3647c6275e92b19651c77de6
SSDEEP: 12288:+Mrey90m8io4GOP2gdZRrBuv4XBTL7K95UlMR+omJg+YQyeJphBn5:8yD8i9GMkgxvg5AoA3LLB5
Static task: static1
Behavioral task: behavioral1
Sample: f0d925dad1755590d7435a836609a9a2d37c47da8d8a2542d5af48e2d26f0753.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
Family: redline
Botnet: spora
C2: 176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
Target: f0d925dad1755590d7435a836609a9a2d37c47da8d8a2542d5af48e2d26f0753
Size: 672KB
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Signatures:
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.