General

Target: d2792d886db75b7e52386697950aa367f9bba1f3b0c5a20b8cef723bf942b955
Size: 674KB
Sample: 230331-x4lazacg55
MD5: ac8938770b8acd1a61f7c40c6d5bdf46
SHA1: 7be9e516ed176387aa0e3b301b0506f6ec969189
SHA256: d2792d886db75b7e52386697950aa367f9bba1f3b0c5a20b8cef723bf942b955
SHA512: 212b41227ecafc0b5ef023bec9afa8d9202d48d266ac6ef5a7f780057406926a92d41fc110818f581a61b487afbe48292d67531039dae5b1b63a9ccf77ee3027
SSDEEP: 12288:3Mrzy90p+UyjxpSma2RHV1N9m5EHlCgFG/pedaObirQmLAIFaGlUJqn:0ykVeJa011N9AEHYgFpfbTmAIm2
Static task: static1
Behavioral task: behavioral1
Sample: d2792d886db75b7e52386697950aa367f9bba1f3b0c5a20b8cef723bf942b955.exe
Resource: win10v2004-20230220-en
Malware Config

Two RedLine configurations were extracted from the sample. Both point at the same C2 endpoint and differ only in botnet tag and auth_value.

Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted
Family: redline
Botnet: spora
C2: 176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets

Target: d2792d886db75b7e52386697950aa367f9bba1f3b0c5a20b8cef723bf942b955
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures triggered by this sample:
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application (persistence through a CurrentVersion\Run registry key)
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
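The signatures above describe behaviour an analyst would want to find in host telemetry, not just in a sandbox. The following is an added example, not part of this report or of any sandbox tool: it correlates Sysmon-style event records against three of the behaviours listed (dropped EXE executed, Run key written, connection to the extracted C2 176.113.115.145:4125). The event records, the dropped-file name svc_host.exe and the user SID are constructed for illustration and reduced to the Sysmon fields the rules need. The Uninstall-key enumeration is deliberately not modelled: Sysmon registry events (12, 13, 14) record key and value creation, deletion, set and rename, not reads.

```python
"""Correlate RedLine behaviours from the report against Sysmon-style events.

Added example for this page, not from the sandbox report or any tool.
Event dicts are constructed and reduced to the fields each rule needs:
  EventID 1  (process create): Image, ParentImage
  EventID 3  (network connect): Image, DestinationIp, DestinationPort
  EventID 11 (file create):    Image, TargetFilename
  EventID 13 (registry set):   Image, TargetObject, Details
"""
from dataclasses import dataclass

# Indicator taken from the report's extracted RedLine configs (both share it).
REDLINE_C2 = {("176.113.115.145", 4125)}

# Lower-cased substring that any HKCU/HKLM/HKU CurrentVersion\Run value path contains.
RUN_KEY_MARKER = "\\microsoft\\windows\\currentversion\\run\\"

# Constructed paths: the sample name is from the report, svc_host.exe is invented.
SAMPLE_PATH = (r"C:\Users\user\Desktop\d2792d886db75b7e52386697950aa367f9bba1f3b0c5a20b8cef723bf942b955.exe")
DROPPED_PATH = r"C:\Users\user\AppData\Local\Temp\svc_host.exe"


@dataclass
class Finding:
    rule: str
    image: str   # process the behaviour is attributed to
    detail: str


def _norm(path: str) -> str:
    # Windows paths and registry paths are case-insensitive; compare lower-cased.
    return path.lower()


def detect(events):
    """Return Findings for the report's behaviours, in event order."""
    findings = []
    dropped = {}  # lower-cased file path -> image that wrote it

    for ev in events:
        eid, image = ev["EventID"], ev["Image"]

        if eid == 11:
            # Remember every written file so a later process start can be tied to its writer.
            dropped[_norm(ev["TargetFilename"])] = image

        elif eid == 1 and _norm(image) in dropped:
            # "Executes dropped EXE": the new process image was written earlier in this trace.
            findings.append(Finding("executes_dropped_exe", ev["ParentImage"],
                                    f"{image} was written by {dropped[_norm(image)]}"))

        elif eid == 13 and RUN_KEY_MARKER in _norm(ev["TargetObject"]):
            # "Adds Run key to start application": a value set under CurrentVersion\Run.
            findings.append(Finding("run_key_persistence", image,
                                    f"{ev['TargetObject']} = {ev['Details']}"))

        elif eid == 3:
            # Outbound connection to the C2 endpoint extracted from the sample's config.
            dst = (ev["DestinationIp"], int(ev["DestinationPort"]))
            if dst in REDLINE_C2:
                findings.append(Finding("redline_c2_connection", image, f"{dst[0]}:{dst[1]}"))

    return findings


# Constructed trace: sample runs, drops a file, the drop runs, persists, beacons.
# The final event is benign noise (TEST-NET-3 address) and must not be flagged.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": SAMPLE_PATH, "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 11, "Image": SAMPLE_PATH, "TargetFilename": DROPPED_PATH},
    {"EventID": 1, "Image": DROPPED_PATH, "ParentImage": SAMPLE_PATH},
    {"EventID": 13, "Image": DROPPED_PATH,
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\svc_host",
     "Details": DROPPED_PATH},
    {"EventID": 3, "Image": DROPPED_PATH, "DestinationIp": "176.113.115.145", "DestinationPort": "4125"},
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": "443"},
]


def run_sample():
    return detect(SAMPLE_EVENTS)


if __name__ == "__main__":
    for f in run_sample():
        print(f"[{f.rule}] {f.image}: {f.detail}")
```

The dropped-EXE rule is the one that needs state: it only fires when a process image matches a path some earlier process in the same trace created, which is what separates "executes dropped EXE" from any ordinary process start. The Run-key rule matches on the value path rather than on the written data, so it also catches persistence that points at a renamed or copied payload.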