General
Target: f7c5fa4827337db7f3f3005a1b28a3da250617b19812555f1054731c454b7ac5
Size: 672KB
Sample: 230331-xekcdadh4x
MD5: 4ed48d38b04c3c29c563b9e14209947d
SHA1: d113c9be013d20eed427c468506fb3a85550bfce
SHA256: f7c5fa4827337db7f3f3005a1b28a3da250617b19812555f1054731c454b7ac5
SHA512: f0063959c82ad96594a7cf5a211d291aeaeff2fce401bd1aeca56985cdcab82a6c52043d80eddf3ead569fcbd08e630d57a80e7ba15b013a5e0bbf3d5e69e1cf
SSDEEP: 12288:+Mr0y90iaftyyrLttVqsQCGRmtp1AZtq6Womev+Yl7r+ptajQgZkX:uyaVDsI+ZxWo+8+najxZkX
Static task: static1
Behavioral task: behavioral1
Sample: f7c5fa4827337db7f3f3005a1b28a3da250617b19812555f1054731c454b7ac5.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
spora
176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
Target: f7c5fa4827337db7f3f3005a1b28a3da250617b19812555f1054731c454b7ac5
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.