General
-
Target
d770c264805b357e6614de88b68147e840892ebd5f78efb0db3d795991f6da61
-
Size
673KB
-
Sample
230331-xtt55aea5v
-
MD5
021ae389deb1e5c27145b7eee3d4796e
-
SHA1
7b020f90bae88b273d29d02046381b0c5b89d3f7
-
SHA256
d770c264805b357e6614de88b68147e840892ebd5f78efb0db3d795991f6da61
-
SHA512
495ddd4c841bcae20bb2d9358dc3d805d73a9b3eaf2bda247759d0002e7de9b270dff230eea3de78e40ebd82c1e809e21c1bbe750887a04d3e9dd21721fdab56
-
SSDEEP
12288:sMrPy90eO3GjXtlaSNMGyUmMR+Y41VMPrD9/Ov9+8S+Xj33nB7wz:zylhj33MGyUzR+YwKPi9+h2o
Static task
static1
Behavioral task
behavioral1
Sample
d770c264805b357e6614de88b68147e840892ebd5f78efb0db3d795991f6da61.exe
Resource
win10v2004-20230221-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
spora
176.113.115.145:4125
-
auth_value
441b39ab37774b2ca9931c31e1bc6071
Targets
-
-
Target
d770c264805b357e6614de88b68147e840892ebd5f78efb0db3d795991f6da61
-
Size
673KB
-
MD5
021ae389deb1e5c27145b7eee3d4796e
-
SHA1
7b020f90bae88b273d29d02046381b0c5b89d3f7
-
SHA256
d770c264805b357e6614de88b68147e840892ebd5f78efb0db3d795991f6da61
-
SHA512
495ddd4c841bcae20bb2d9358dc3d805d73a9b3eaf2bda247759d0002e7de9b270dff230eea3de78e40ebd82c1e809e21c1bbe750887a04d3e9dd21721fdab56
-
SSDEEP
12288:sMrPy90eO3GjXtlaSNMGyUmMR+Y41VMPrD9/Ov9+8S+Xj33nB7wz:zylhj33MGyUzR+YwKPi9+h2o
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-