General
-
Target
2ba84c9576dd3f5776544f7347b2cad071704b88553fe30ec93bbb9c16291dda
-
Size
672KB
-
Sample
230331-wxn8lscd24
-
MD5
0abcfcba1b3cddbaf8240ddc151dcd99
-
SHA1
965406314e5dc25cf1874e41ac1806afa7df7f20
-
SHA256
2ba84c9576dd3f5776544f7347b2cad071704b88553fe30ec93bbb9c16291dda
-
SHA512
305ec1d777fde91c67dba6351a1f58af714d2f6fa056b3f2ada4d9f68f2aed129ac754a1aadf0d87e28cde4a89997f410f47e39094bca68377e544269bb3441c
-
SSDEEP
12288:LMrEy90Szi98svGy7ABrmeVVDAbNBoomO++YIURUpraAk1n:HyQ9n7B+KbQoRfLhaLn
Static task
static1
Behavioral task
behavioral1
Sample
2ba84c9576dd3f5776544f7347b2cad071704b88553fe30ec93bbb9c16291dda.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
spora
176.113.115.145:4125
-
auth_value
441b39ab37774b2ca9931c31e1bc6071
Targets
-
-
Target
2ba84c9576dd3f5776544f7347b2cad071704b88553fe30ec93bbb9c16291dda
-
Size
672KB
-
MD5
0abcfcba1b3cddbaf8240ddc151dcd99
-
SHA1
965406314e5dc25cf1874e41ac1806afa7df7f20
-
SHA256
2ba84c9576dd3f5776544f7347b2cad071704b88553fe30ec93bbb9c16291dda
-
SHA512
305ec1d777fde91c67dba6351a1f58af714d2f6fa056b3f2ada4d9f68f2aed129ac754a1aadf0d87e28cde4a89997f410f47e39094bca68377e544269bb3441c
-
SSDEEP
12288:LMrEy90Szi98svGy7ABrmeVVDAbNBoomO++YIURUpraAk1n:HyQ9n7B+KbQoRfLhaLn
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-