General
Target: ffa065a8e32dc1413a81d11fc1cb17fd85b03f32a7b9f13527687e9578417592
Size: 673KB
Sample: 230331-x5hlgacg63
MD5: 09cb90f88872f170f7a02ba9c0994041
SHA1: a3a8a15b2c8cdad86372d6c8ed01583e7e056235
SHA256: ffa065a8e32dc1413a81d11fc1cb17fd85b03f32a7b9f13527687e9578417592
SHA512: bd260d4c3e45513090ed38e3f99c11aff83bcb9afbcb73ae817a8b9f0ec5208fe3021e4da3288895b5bff280632ae650f21375e59ef67fb6425be22b48ef22b5
SSDEEP: 12288:VMr7y909yG//uppHW89aO1zXLXMWeM1oaNbuObmrJmj5iEWWG:eyv+/uDHV4m3coDNBbSK4RH
Static task: static1
Behavioral task: behavioral1
Sample: ffa065a8e32dc1413a81d11fc1cb17fd85b03f32a7b9f13527687e9578417592.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
spora
176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
Target: ffa065a8e32dc1413a81d11fc1cb17fd85b03f32a7b9f13527687e9578417592
Size: 673KB
MD5: 09cb90f88872f170f7a02ba9c0994041
SHA1: a3a8a15b2c8cdad86372d6c8ed01583e7e056235
SHA256: ffa065a8e32dc1413a81d11fc1cb17fd85b03f32a7b9f13527687e9578417592
SHA512: bd260d4c3e45513090ed38e3f99c11aff83bcb9afbcb73ae817a8b9f0ec5208fe3021e4da3288895b5bff280632ae650f21375e59ef67fb6425be22b48ef22b5
SSDEEP: 12288:VMr7y909yG//uppHW89aO1zXLXMWeM1oaNbuObmrJmj5iEWWG:eyv+/uDHV4m3coDNBbSK4RH

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures:
RedLine payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.