General
-
Target
4952ed9cd0b6be445edddef3131f2eba4a6a111c03b48cc990a282fe26549b29
-
Size
533KB
-
Sample
230331-x5hlgacg62
-
MD5
d941e9109e4f04c50ca27a4cc8779776
-
SHA1
debe1461a5687210d10d2ba6ae60fbb6982b68cd
-
SHA256
4952ed9cd0b6be445edddef3131f2eba4a6a111c03b48cc990a282fe26549b29
-
SHA512
d9dee4639fef02e86e8b063b12172f97c9569f67a939508ca0d145111210777fd4cb30fb407d023a03fba442256d9e3a953b62a1ce2a37288d6f175dd7e2c00f
-
SSDEEP
12288:9MrPy90gMTfF6DWaG6r8DDueceWxTOburar8iGyR8H:myjEfycKcbbYitRQ
Static task
static1
Behavioral task
behavioral1
Sample
4952ed9cd0b6be445edddef3131f2eba4a6a111c03b48cc990a282fe26549b29.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
spora
176.113.115.145:4125
-
auth_value
441b39ab37774b2ca9931c31e1bc6071
Targets
-
-
Target
4952ed9cd0b6be445edddef3131f2eba4a6a111c03b48cc990a282fe26549b29
-
Size
533KB
-
MD5
d941e9109e4f04c50ca27a4cc8779776
-
SHA1
debe1461a5687210d10d2ba6ae60fbb6982b68cd
-
SHA256
4952ed9cd0b6be445edddef3131f2eba4a6a111c03b48cc990a282fe26549b29
-
SHA512
d9dee4639fef02e86e8b063b12172f97c9569f67a939508ca0d145111210777fd4cb30fb407d023a03fba442256d9e3a953b62a1ce2a37288d6f175dd7e2c00f
-
SSDEEP
12288:9MrPy90gMTfF6DWaG6r8DDueceWxTOburar8iGyR8H:myjEfycKcbbYitRQ
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-