General
- Target: 8626b98d9e75752c5384580a7b8e0092fa979b278e44a4a50bf171fcc21727d0
- Size: 534KB
- Sample: 230331-x1wmjaeb2v
- MD5: 5a52003e6d127aacd99b62f8cb1a1b3a
- SHA1: 064455649c632e63a71a352b92cb6ee383849647
- SHA256: 8626b98d9e75752c5384580a7b8e0092fa979b278e44a4a50bf171fcc21727d0
- SHA512: f304a73bcb1d3de222400fc11f5fc8786034913f2a5615e778df05bca183aac5aadca66bbc5ff9e52076fe54b0da43f9c0c8c9f46d0d2820ce2b78b10990e6c7
- SSDEEP: 12288:0Mrwy90M0l8YWWytRLYQ5bYOaObnrA3tYHLl5WD:UyWORPbM3tqLlO
Static task
- static1
Behavioral task
- behavioral1
- Sample: 8626b98d9e75752c5384580a7b8e0092fa979b278e44a4a50bf171fcc21727d0.exe
- Resource: win10v2004-20230221-en
Malware Config
Extracted
- Family: redline
- Botnet: rosn
- C2: 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
- Family: redline
- Botnet: spora
- C2: 176.113.115.145:4125
- auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
Target: 8626b98d9e75752c5384580a7b8e0092fa979b278e44a4a50bf171fcc21727d0
- Size: 534KB
- MD5: 5a52003e6d127aacd99b62f8cb1a1b3a
- SHA1: 064455649c632e63a71a352b92cb6ee383849647
- SHA256: 8626b98d9e75752c5384580a7b8e0092fa979b278e44a4a50bf171fcc21727d0
- SHA512: f304a73bcb1d3de222400fc11f5fc8786034913f2a5615e778df05bca183aac5aadca66bbc5ff9e52076fe54b0da43f9c0c8c9f46d0d2820ce2b78b10990e6c7
- SSDEEP: 12288:0Mrwy90M0l8YWWytRLYQ5bYOaObnrA3tYHLl5WD:UyWORPbM3tqLlO
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
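The extracted configs and the behavioural signatures above can be reduced to a small triage script. The following is an added example and is not part of the sandbox report or of the sandbox's own signature engine; the event line format (`op<TAB>target`), the sample event lines, and the wallet paths it looks for are constructed for illustration and are assumptions, not values taken from this run. It collapses both extracted configs to one C2 endpoint (the botnet IDs rosn and spora share 176.113.115.145:4125) and tags registry, file and network events with the report's signature names, so the same logic can be pointed at another run's trace to see whether it shows the same behaviour.

```python
"""Tag sandbox-style event lines with the RedLine signatures from the report.

Added example: not the sandbox's code. Event schema and sample events are
constructed; wallet paths are assumed, not listed in the report.
"""
import re
from collections import defaultdict

# Extracted configs as listed in the report. Both botnet IDs point at the
# same C2 endpoint, so one network indicator covers both. auth_value is kept
# only for correlation between the two configs; it is not matched on here.
REDLINE_CONFIGS = [
    {"family": "redline", "botnet": "rosn",
     "c2": "176.113.115.145:4125",
     "auth_value": "050a19e1db4d0024b0f23b37dcf961f4"},
    {"family": "redline", "botnet": "spora",
     "c2": "176.113.115.145:4125",
     "auth_value": "441b39ab37774b2ca9931c31e1bc6071"},
]

# Registry paths behind the report's "Adds Run key" and "Checks installed
# software" signatures. Matched case-insensitively; the Uninstall check also
# accepts the Wow6432Node view. Requiring a backslash or end-of-string after
# "Run" keeps RunServices and similar keys from matching.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?(?:\\|$)", re.I)
UNINSTALL_KEY_RE = re.compile(
    r"\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(?:\\|$)",
    re.I)

# Assumed wallet locations for the "Accesses cryptocurrency files/wallets"
# signature. The report does not say which files were touched; these are
# illustrative only.
WALLET_RE = re.compile(
    r"\\(?:Electrum\\wallets|Exodus|Ethereum\\keystore)\\|\\wallet\.dat$", re.I)

# Constructed event lines in an "op<TAB>target" format (not Triage's schema).
CONSTRUCTED_EVENTS = [
    "regwrite\tHKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
    "regquery\tHKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Chrome\\DisplayName",
    "regquery\tHKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProductName",
    "fileopen\tC:\\Users\\user\\AppData\\Roaming\\Electrum\\wallets\\default_wallet",
    "connect\t176.113.115.145:4125",
    "connect\t198.51.100.7:443",
]


def c2_endpoints(configs):
    """Return the set of (host, port) pairs across all extracted configs."""
    out = set()
    for cfg in configs:
        host, port = cfg["c2"].rsplit(":", 1)
        out.add((host, int(port)))
    return out


def classify(event, endpoints):
    """Map one event line to the signature names it satisfies (may be several)."""
    op, _, target = event.partition("\t")
    tags = set()
    if op in ("regwrite", "regset") and RUN_KEY_RE.search(target):
        tags.add("Adds Run key to start application")
    if op in ("regquery", "regenum") and UNINSTALL_KEY_RE.search(target):
        tags.add("Checks installed software on the system")
    if op in ("fileopen", "fileread") and WALLET_RE.search(target):
        tags.add("Accesses cryptocurrency files/wallets")
    if op == "connect":
        host, _, port = target.rpartition(":")
        if port.isdigit() and (host, int(port)) in endpoints:
            tags.add("RedLine C2 contact")
    return tags


def triage(events, configs=REDLINE_CONFIGS):
    """Group event lines by the signature they trigger; unmatched lines are dropped."""
    endpoints = c2_endpoints(configs)
    hits = defaultdict(list)
    for ev in events:
        for tag in classify(ev, endpoints):
            hits[tag].append(ev)
    return dict(hits)


if __name__ == "__main__":
    for tag, evs in triage(CONSTRUCTED_EVENTS).items():
        print(tag)
        for ev in evs:
            print("   ", ev.replace("\t", "  "))
```

Run against the constructed events it reports one hit for each of the Run-key, Uninstall-lookup, wallet-access and C2-contact signatures and ignores the ProductName query and the unrelated connection. Swapping `CONSTRUCTED_EVENTS` for lines parsed from a real trace is the only change needed to reuse it.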