General
-
Target
d0d90025adf34010405a59740552f0cbce845b4cab057ef5761c0d5f04e25095
-
Size
673KB
-
Sample
230331-xr2gesea3z
-
MD5
cd76634914ac243399bbcc14e3dbfa94
-
SHA1
eb587abd0dfd67bdbf8ffd06fae03cc77b49d4d4
-
SHA256
d0d90025adf34010405a59740552f0cbce845b4cab057ef5761c0d5f04e25095
-
SHA512
3bfa6b038a9c594cc4e4824eb756d5d54b323082349bc953434d9dab11017cc86be9437752757136d3d52388f64f41f9d190d85358a2d410afd2168cc6c8b673
-
SSDEEP
12288:PMrcy90dWccTbkZCyBfXZPyGerGJDb/OKJ+8S/a85AYjmd/I:PyImjyBPFtJ+hi8GYM/I
Static task
static1
Behavioral task
behavioral1
Sample
d0d90025adf34010405a59740552f0cbce845b4cab057ef5761c0d5f04e25095.exe
Resource
win10v2004-20230221-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
spora
176.113.115.145:4125
-
auth_value
441b39ab37774b2ca9931c31e1bc6071
Targets
-
-
Target
d0d90025adf34010405a59740552f0cbce845b4cab057ef5761c0d5f04e25095
-
Size
673KB
-
MD5
cd76634914ac243399bbcc14e3dbfa94
-
SHA1
eb587abd0dfd67bdbf8ffd06fae03cc77b49d4d4
-
SHA256
d0d90025adf34010405a59740552f0cbce845b4cab057ef5761c0d5f04e25095
-
SHA512
3bfa6b038a9c594cc4e4824eb756d5d54b323082349bc953434d9dab11017cc86be9437752757136d3d52388f64f41f9d190d85358a2d410afd2168cc6c8b673
-
SSDEEP
12288:PMrcy90dWccTbkZCyBfXZPyGerGJDb/OKJ+8S/a85AYjmd/I:PyImjyBPFtJ+hi8GYM/I
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-