General
Target: 5fc9dc93977acdbed25b5461f74267e6ce1c8cc796923e611afe84159a990b29
Size: 673KB
Sample: 230331-xgdbvadh5v
MD5: 67434f9d24f6165eb393225772adea15
SHA1: 8dc17e50bba2cb9a8d0878ed89c92d056fa8fb03
SHA256: 5fc9dc93977acdbed25b5461f74267e6ce1c8cc796923e611afe84159a990b29
SHA512: ae025357dc2bd59670a9e9ee0ab35d4ca63c2e206d8cf194a4eb5cc23049fbc9c69c2faa38fb2a3480f6737597d80c62450979a09d2e78913f673834dd80b342
SSDEEP: 12288:KMriy90YPLWgHRbHC6+QPyqD5GsB0Ddmc4WOvFoGZUbFomNM+YXgKIpE0mTR:syTSM9PySG/dV4WSFoGipo4aIUR
Static task: static1
Behavioral task: behavioral1
Sample: 5fc9dc93977acdbed25b5461f74267e6ce1c8cc796923e611afe84159a990b29.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
  rosn
  176.113.115.145:4125
  auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
  spora
  176.113.115.145:4125
  auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
Target: 5fc9dc93977acdbed25b5461f74267e6ce1c8cc796923e611afe84159a990b29
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.