General
Target: 582efdc65f03a749702ff13ec7556fe5386cff93e6494e9929d8840e943a3a72
Size: 672KB
Sample: 230331-xp7wesea2t
MD5: 66dd7a4e4e41bb556e6cd46dabe2b27e
SHA1: 3d69021761e5792bc7f980c024221dff55088d17
SHA256: 582efdc65f03a749702ff13ec7556fe5386cff93e6494e9929d8840e943a3a72
SHA512: 7ee234dd609c7abb278685c0289df3224ce2efd3e1d431e9984ff70caa4e6e8305c042e8f359e8a122875ccce5477ee79c83dbcba7fdbdd8185820741753f2b3
SSDEEP: 12288:AMrWy90Tw0s+Sf4TTIiooyNpGyReKY6AMaXihYDa/On+8So0272IUl1B:GyEbfSUByvwKY6DaXiO+hT2VQB
Static task: static1
Behavioral task: behavioral1
Sample: 582efdc65f03a749702ff13ec7556fe5386cff93e6494e9929d8840e943a3a72.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
spora
176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
Target: 582efdc65f03a749702ff13ec7556fe5386cff93e6494e9929d8840e943a3a72
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.