General
Target: c31141173152bc54fc0ebb3fcbe74498feca6211d1c67a551e39c31a30f7101f
Size: 672KB
Sample: 230331-xnjgfacf38
MD5: e5742eb26939b69f165ab62450448f1e
SHA1: cb03ad63a44227b98dd53d0e0cf9a5c327cee9ce
SHA256: c31141173152bc54fc0ebb3fcbe74498feca6211d1c67a551e39c31a30f7101f
SHA512: 520d6e03abb6d953abb072f95a2100f4225778a65779b9161518e37cb97eb36dce1bb7808d91eb74fc6ef5e262151f8ea9ffda058e1203acae69ecac56e9f84a
SSDEEP: 12288:ZMrky90bzJ/fpXCbwZ3PgO0bMAyPjMZQ0njoSACD2/OzU+8SkCq1oOhX5k:NyWtzZ3P7IMAyPAG2ZU+h3gRi
Static task: static1
Behavioral task: behavioral1
Sample: c31141173152bc54fc0ebb3fcbe74498feca6211d1c67a551e39c31a30f7101f.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
Family: redline
Botnet: spora
C2: 176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071
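The two extracted configurations share one C2 endpoint (176.113.115.145:4125) but carry different botnet IDs and auth_values, so a single network IOC covers both builds. The following Python is an added example, not the sandbox's extractor or any RedLine tooling: it turns the configs above into an IOC set and checks constructed Zeek-style conn.log records against it. Only the C2 address and the two auth_values come from the report; the internal hosts (10.0.0.x), the other destinations (RFC 5737 documentation addresses) and the timestamps are made up for the demonstration.

```python
"""IOC matcher built from the RedLine configs in the report above.

Added example, not part of the sandbox report. The Zeek conn.log excerpt
is constructed; the C2 endpoint and auth_values are the report's.
"""
from __future__ import annotations

import csv
import io
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class RedLineConfig:
    botnet: str
    c2: str          # "host:port" exactly as the extractor reports it
    auth_value: str


# Values copied from the Malware Config section above.
EXTRACTED = (
    RedLineConfig("rosn", "176.113.115.145:4125", "050a19e1db4d0024b0f23b37dcf961f4"),
    RedLineConfig("spora", "176.113.115.145:4125", "441b39ab37774b2ca9931c31e1bc6071"),
)


def parse_c2(c2: str) -> tuple[str, int]:
    """Split 'host:port' and validate both halves; raises ValueError on junk.

    rpartition keeps this correct for hostnames and for IPv6 literals, where
    the port is always the text after the last colon.
    """
    host, sep, port = c2.rpartition(":")
    if not sep or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError(f"bad C2 endpoint: {c2!r}")
    try:
        host = str(ipaddress.ip_address(host))  # normalise literal IPs
    except ValueError:
        host = host.lower()                     # a hostname; keep as-is
    return host, int(port)


def build_iocs(configs) -> dict[tuple[str, int], set[str]]:
    """One network IOC per (host, port); all auth_values seen for it are kept
    so a hit can still be tied back to a specific build."""
    iocs: dict[tuple[str, int], set[str]] = {}
    for cfg in configs:
        iocs.setdefault(parse_c2(cfg.c2), set()).add(cfg.auth_value)
    return iocs


# Constructed Zeek conn.log excerpt, tab separated, header omitted.
# Fields: ts, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto
SAMPLE_CONN_LOG = (
    "1680262801.123\t10.0.0.17\t49712\t176.113.115.145\t4125\ttcp\n"
    "1680262802.456\t10.0.0.17\t49713\t203.0.113.10\t443\ttcp\n"
    "1680262803.789\t10.0.0.23\t49801\t176.113.115.145\t4138\ttcp\n"
    "1680262804.000\t10.0.0.23\t49802\t198.51.100.53\t53\tudp\n"
)


def scan_conn_log(log_text: str, iocs) -> list[tuple[str, str, str, int, str]]:
    """Return (ts, src, dst, dst_port, kind) for every record touching a C2.

    kind is "exact" when host and port both match a config, "host-only" when
    the destination address matches but the port does not.
    """
    hosts = {host for (host, _) in iocs}
    hits = []
    for row in csv.reader(io.StringIO(log_text), delimiter="\t"):
        if len(row) < 6:
            continue
        ts, orig_h, _, resp_h, resp_p, _proto = row[:6]
        try:
            dst = (str(ipaddress.ip_address(resp_h)), int(resp_p))
        except ValueError:
            continue  # malformed record; skip rather than crash the scan
        if dst in iocs:
            hits.append((ts, orig_h, dst[0], dst[1], "exact"))
        elif dst[0] in hosts:
            hits.append((ts, orig_h, dst[0], dst[1], "host-only"))
    return hits


if __name__ == "__main__":
    for hit in scan_conn_log(SAMPLE_CONN_LOG, build_iocs(EXTRACTED)):
        print(*hit)
```

The host-only class is deliberate: the two configs already show one endpoint serving two botnet IDs, so a connection to the same address on a different port is worth surfacing rather than dropping on a port mismatch. The auth_value is not visible on the wire in a conn.log and is kept only for attribution once a hit is confirmed.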
Targets
Target: c31141173152bc54fc0ebb3fcbe74498feca6211d1c67a551e39c31a30f7101f
Size: 672KB
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
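Two of the behaviours listed above, executing a dropped executable and writing a Run key, are the ones a host-based detection can correlate from ordinary endpoint telemetry. The following Python is an added example and not the sandbox's signature logic: it runs over constructed Sysmon events (EventID 1 ProcessCreate, 11 FileCreate, 13 RegistryEvent value set) and scores each process on how the two behaviours combine. The user name, GUIDs, "stage2.exe" filename, registry value names and the vendor-installer noise event are placeholders; they are not what this sample actually drops or writes, and the field names follow the usual Sysmon event schema as an assumption.

```python
"""Correlating the report's behavioural signatures over Sysmon events.

Added example; the events below are constructed placeholders, not
telemetry from this sample. EventID 1 = ProcessCreate, 11 = FileCreate,
13 = RegistryEvent (value set).
"""
import re
from collections import defaultdict

SAMPLE_NAME = "c31141173152bc54fc0ebb3fcbe74498feca6211d1c67a551e39c31a30f7101f.exe"
SAMPLE_PATH = r"C:\Users\alice\Downloads" + "\\" + SAMPLE_NAME  # assumed location

# Locations an unprivileged user can write to: a Run value pointing here, or
# written by a binary running from here, is far more suspicious than one set
# by an installer under Program Files.
USER_WRITABLE = re.compile(
    r"^[A-Z]:\\(Users\\[^\\]+\\(AppData|Downloads|Desktop)|Windows\\Temp|ProgramData)\\",
    re.IGNORECASE,
)
# Any value under ...\CurrentVersion\Run or RunOnce, in HKLM or a user hive.
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.IGNORECASE)

# Constructed events (assumed Sysmon field names; GUIDs shortened to {A}..{C}).
EVENTS = [
    {"EventID": 1, "UtcTime": "2023-03-31 12:00:00.000", "ProcessGuid": "{A}",
     "Image": SAMPLE_PATH, "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 11, "UtcTime": "2023-03-31 12:00:01.200", "ProcessGuid": "{A}",
     "Image": SAMPLE_PATH,
     "TargetFilename": r"C:\Users\alice\AppData\Local\Temp\stage2.exe"},
    {"EventID": 1, "UtcTime": "2023-03-31 12:00:01.900", "ProcessGuid": "{B}",
     "Image": r"C:\Users\alice\AppData\Local\Temp\stage2.exe",
     "ParentImage": SAMPLE_PATH},
    {"EventID": 13, "UtcTime": "2023-03-31 12:00:02.500", "ProcessGuid": "{B}",
     "Image": r"C:\Users\alice\AppData\Local\Temp\stage2.exe",
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\alice\AppData\Local\Temp\stage2.exe"},
    # Benign noise: a vendor installer registering its own updater.
    {"EventID": 13, "UtcTime": "2023-03-31 12:05:00.000", "ProcessGuid": "{C}",
     "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorUpdate",
     "Details": r"C:\Program Files\Vendor\update.exe"},
]


def dropped_executions(events):
    """'Executes dropped EXE': an EventID 1 whose Image was the TargetFilename
    of an earlier EventID 11. Returns (exec_guid, image, dropper_guid)."""
    dropped = {}  # lower-cased path -> GUID of the process that wrote it
    hits = []
    for ev in sorted(events, key=lambda e: e["UtcTime"]):
        if ev["EventID"] == 11:
            dropped[ev["TargetFilename"].lower()] = ev["ProcessGuid"]
        elif ev["EventID"] == 1 and ev["Image"].lower() in dropped:
            hits.append((ev["ProcessGuid"], ev["Image"], dropped[ev["Image"].lower()]))
    return hits


def run_key_writes(events):
    """'Adds Run key': EventID 13 on a Run/RunOnce value. Base score 1, plus 2
    if the writer runs from a user-writable path and 2 more if the value data
    points into one. Returns (guid, target_object, score)."""
    findings = []
    for ev in events:
        if ev["EventID"] != 13 or not RUN_KEY.search(ev["TargetObject"]):
            continue
        score = 1
        if USER_WRITABLE.match(ev["Image"]):
            score += 2
        if USER_WRITABLE.match(ev.get("Details", "")):
            score += 2
        findings.append((ev["ProcessGuid"], ev["TargetObject"], score))
    return findings


def score_processes(events):
    """Per-process total: 2 for being a dropped executable that ran, plus the
    Run-key score. The installer noise stays at 1; the staged binary stands out."""
    totals = defaultdict(int)
    for guid, _image, _dropper in dropped_executions(events):
        totals[guid] += 2
    for guid, _target, score in run_key_writes(events):
        totals[guid] += score
    return dict(totals)


if __name__ == "__main__":
    for guid, total in sorted(score_processes(EVENTS).items(), key=lambda kv: -kv[1]):
        print(guid, total)
```

The third signature, enumerating the Uninstall subkeys, is not reproducible from these events: Sysmon records key creation and value writes, not reads, so catching it needs a SACL on the key with registry object-access auditing enabled (Security event 4663) or EDR telemetry. Even then, reading Uninstall entries is routine for inventory agents and installers, so it should only add confidence to the two behaviours scored above rather than fire on its own.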