General
-
Target
d5ed95268ced1c0758daa7527983209f982ac75254274fb7bbcd296f558d71eb
-
Size
672KB
-
Sample
230331-xsx6dscf72
-
MD5
c7411dcd7d11f2ab5f566451774eda6a
-
SHA1
3a573e0f933503bbf0fdad4101a59ecef0b3a354
-
SHA256
d5ed95268ced1c0758daa7527983209f982ac75254274fb7bbcd296f558d71eb
-
SHA512
2fbc8d1af29a339417b1552319bea8eaeb6452422ac14ddffbdf3e7f1426d377f521ef3f3b7e041171d3bddfc14d29eaedaf6cefd98cfe088e300528c809bd40
-
SSDEEP
12288:cMrMy90ePxjWpuZ1Fp5hbMryea0s2PzSqMq3/OC3Dx/O1H3ETINoie9:YyVPxznMryeJs2PP3/OvXE7
Static task
static1
Behavioral task
behavioral1
Sample
d5ed95268ced1c0758daa7527983209f982ac75254274fb7bbcd296f558d71eb.exe
Resource
win10-20230220-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
spora
176.113.115.145:4125
-
auth_value
441b39ab37774b2ca9931c31e1bc6071
Targets
-
-
Target
d5ed95268ced1c0758daa7527983209f982ac75254274fb7bbcd296f558d71eb
-
Size
672KB
-
MD5
c7411dcd7d11f2ab5f566451774eda6a
-
SHA1
3a573e0f933503bbf0fdad4101a59ecef0b3a354
-
SHA256
d5ed95268ced1c0758daa7527983209f982ac75254274fb7bbcd296f558d71eb
-
SHA512
2fbc8d1af29a339417b1552319bea8eaeb6452422ac14ddffbdf3e7f1426d377f521ef3f3b7e041171d3bddfc14d29eaedaf6cefd98cfe088e300528c809bd40
-
SSDEEP
12288:cMrMy90ePxjWpuZ1Fp5hbMryea0s2PzSqMq3/OC3Dx/O1H3ETINoie9:YyVPxznMryeJs2PP3/OvXE7
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-