General
-
Target
664ca6ad30276f06ab847d1b4e1512fc440c74f75784f74e71fab4e1bc0f4d67
-
Size
534KB
-
Sample
230331-x3pl1aeb31
-
MD5
1a02141fcfb9cd7e67d652e3944d2023
-
SHA1
fd69299b90b70d1e06f72b3dd176cf7ee6a2639c
-
SHA256
664ca6ad30276f06ab847d1b4e1512fc440c74f75784f74e71fab4e1bc0f4d67
-
SHA512
339710543cab8ddfa2de368f60ac070d9ec4ada8064ce74ef4b5045e90bfb9c1ba9f6adc8ddfe05e3298f757d7be67f4d745939032d59388e6b6481e400be526
-
SSDEEP
12288:3MrYy90lb4Z0TKvOUTufecpvOKQCxbyVOb5rFpFfYgyb7jy2B+SqB:zyoIO9xRQCLbDpFQgyb7jyW+zB
Static task
static1
Behavioral task
behavioral1
Sample
664ca6ad30276f06ab847d1b4e1512fc440c74f75784f74e71fab4e1bc0f4d67.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
spora
176.113.115.145:4125
-
auth_value
441b39ab37774b2ca9931c31e1bc6071
Targets
-
Target
664ca6ad30276f06ab847d1b4e1512fc440c74f75784f74e71fab4e1bc0f4d67
-
Size
534KB
-
MD5
1a02141fcfb9cd7e67d652e3944d2023
-
SHA1
fd69299b90b70d1e06f72b3dd176cf7ee6a2639c
-
SHA256
664ca6ad30276f06ab847d1b4e1512fc440c74f75784f74e71fab4e1bc0f4d67
-
SHA512
339710543cab8ddfa2de368f60ac070d9ec4ada8064ce74ef4b5045e90bfb9c1ba9f6adc8ddfe05e3298f757d7be67f4d745939032d59388e6b6481e400be526
-
SSDEEP
12288:3MrYy90lb4Z0TKvOUTufecpvOKQCxbyVOb5rFpFfYgyb7jy2B+SqB:zyoIO9xRQCLbDpFQgyb7jyW+zB
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
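The extracted configuration above (one C2 endpoint, 176.113.115.145:4125, shared by the botnet IDs rosn and spora) and the behavioural signatures listed for this target can be turned into host-side detection logic. The Python below is an added example, not part of the sandbox report or of any tooling it describes: it takes the report's SHA256 and C2 host:port as indicators and runs them, together with the two registry behaviours (Run key persistence, Uninstall key enumeration), over constructed Sysmon-style event records. The event schema (`type`, `pid`, `target`, `dst_ip`, ...) and the sample events are my own simplified construction, not Sysmon's field names, and the `registry_query` event type assumes a telemetry source that records registry reads, which Sysmon on its own does not.

```python
"""Added example: match constructed telemetry against the indicators in this report.

Indicator values (SHA256, C2 host:port, botnet IDs) come from the report above; the
event schema and SAMPLE_EVENTS are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass

# Indicators taken from the report: both extracted RedLine configs share one C2.
SAMPLE_SHA256 = "664ca6ad30276f06ab847d1b4e1512fc440c74f75784f74e71fab4e1bc0f4d67"
C2_ENDPOINTS = {("176.113.115.145", 4125)}
BOTNET_IDS = {"rosn", "spora"}  # kept for reference; not used by the rules below

# Registry path fragments behind the two behavioural signatures ("Adds Run key",
# "Looks up Uninstall key entries"). Compared case-insensitively after normalisation.
RUN_KEY_MARKER = "\\software\\microsoft\\windows\\currentversion\\run\\"
UNINSTALL_MARKER = "\\software\\microsoft\\windows\\currentversion\\uninstall\\"

# Rules that on their own justify treating a process as this sample or its C2 traffic.
HIGH_CONFIDENCE_RULES = {"known_sample_hash", "redline_c2"}


@dataclass(frozen=True)
class Hit:
    rule: str
    pid: int
    detail: str


def _norm_path(path: str) -> str:
    """Lower-case and unify separators so the marker substring test ignores hive and case."""
    return path.lower().replace("/", "\\")


def scan_events(events):
    """Run the four rules over a list of event dicts (constructed schema, see SAMPLE_EVENTS)."""
    hits = []
    for ev in events:
        kind, pid = ev.get("type"), int(ev.get("pid", 0))
        if kind == "process_create" and ev.get("sha256", "").lower() == SAMPLE_SHA256:
            hits.append(Hit("known_sample_hash", pid, ev.get("image", "")))
        elif kind == "network_connect":
            endpoint = (ev.get("dst_ip"), int(ev.get("dst_port", 0)))
            if endpoint in C2_ENDPOINTS:
                hits.append(Hit("redline_c2", pid, "%s:%d" % endpoint))
        elif kind == "registry_set" and RUN_KEY_MARKER in _norm_path(ev.get("target", "")):
            hits.append(Hit("run_key_persistence", pid, ev.get("target", "")))
        elif kind == "registry_query" and UNINSTALL_MARKER in _norm_path(ev.get("target", "")):
            hits.append(Hit("uninstall_key_enum", pid, ev.get("target", "")))
    return hits


def score_processes(events):
    """Group rule names by pid so weak signals (Uninstall enumeration) are read in context."""
    by_pid = defaultdict(set)
    for hit in scan_events(events):
        by_pid[hit.pid].add(hit.rule)
    return dict(by_pid)


def high_confidence(scores):
    """Pids that triggered at least one high-confidence rule, sorted."""
    return sorted(pid for pid, rules in scores.items() if rules & HIGH_CONFIDENCE_RULES)


# Constructed sample telemetry (not from the report): one process doing what the
# signatures describe, plus a benign HTTPS connection and a benign inventory lookup.
SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 4120,
     "image": "C:\\Users\\user\\Desktop\\" + SAMPLE_SHA256 + ".exe", "sha256": SAMPLE_SHA256},
    {"type": "registry_query", "pid": 4120,
     "target": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\ExampleProduct\\DisplayName"},
    {"type": "registry_set", "pid": 4120,
     "target": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
     "details": "C:\\Users\\user\\AppData\\Roaming\\Updater\\svc.exe"},
    {"type": "network_connect", "pid": 4120, "dst_ip": "176.113.115.145", "dst_port": 4125},
    {"type": "network_connect", "pid": 812, "dst_ip": "203.0.113.10", "dst_port": 443},
    {"type": "registry_query", "pid": 2200,
     "target": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\ExampleApp\\DisplayVersion"},
]

if __name__ == "__main__":
    for hit in scan_events(SAMPLE_EVENTS):
        print(f"pid {hit.pid}: {hit.rule} ({hit.detail})")
    print("high confidence:", high_confidence(score_processes(SAMPLE_EVENTS)))
```

Uninstall key enumeration is benign in isolation (installers and inventory agents do it constantly), and a Run key write is common too, so neither should alert alone; grouping hits per process lets them corroborate the two strong indicators, a connection to the extracted C2 or execution of the known hash. Because the report's two configs differ only in botnet ID and auth_value, the C2 host:port is the indicator that covers both.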