General

Target: 2650bf85eda7223f6638ca074f99ede4d70009541d7199c46bba426acde6f62d
Size: 672KB
Sample: 230331-x3pl1acg45
MD5: dac9d59a05acb82959bfe1e0992159d8
SHA1: 567ef51db3cfca46ee307936ad6445db5fef258d
SHA256: 2650bf85eda7223f6638ca074f99ede4d70009541d7199c46bba426acde6f62d
SHA512: 91a968e03f588d9d467c0dbbb5ce10aaed3a4c74e1316897f46e3748ade082bb2bcdad7e7f8d671f40bd733867f752d225a8527b67de597242657a8f1c3b64f0
SSDEEP: 12288:8MrLy904x2rlt0Mh7R/CQg8TM/liW9R+bJ+oM+HCDZUObBrNm9nt6i:Pyr4/CQBMgOGEt+abPYnIi
Static task: static1
Behavioral task: behavioral1
Sample: 2650bf85eda7223f6638ca074f99ede4d70009541d7199c46bba426acde6f62d.exe
Resource: win10v2004-20230220-en
Malware Config

Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted
Family: redline
Botnet: spora
C2: 176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets

Target: 2650bf85eda7223f6638ca074f99ede4d70009541d7199c46bba426acde6f62d
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.