General
Target: 2ce2e2de957b0c4f56d3e077ba8c12a1b5de6148001b204322d411964cdf297d
Size: 673KB
Sample: 230331-xyfhjaea7z
MD5: 5afa6a0f555f19db665939d5d3fe1433
SHA1: c7349d28b3f7d2f3ca8e727d86364d786e1e88c7
SHA256: 2ce2e2de957b0c4f56d3e077ba8c12a1b5de6148001b204322d411964cdf297d
SHA512: d09374b541f0af1f532281f1f8bafb112da26eb7c0862056fe75800fcf0806e8d830c9d643a7f2cbd51d6d6f78a28f8b93f481d7638e838e65b6d5d610499d3d
SSDEEP: 12288:xMr8y90t0vhydweOYMpN+IBwXnmGPcEF5Ob2rem/x3BP:VyTvhW0tumUSbXSx3BP
Static task: static1
Behavioral task: behavioral1
Sample: 2ce2e2de957b0c4f56d3e077ba8c12a1b5de6148001b204322d411964cdf297d.exe
Resource: win10-20230220-en
Malware Config
Extracted: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted: redline
Botnet: spora
C2: 176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
Target: 2ce2e2de957b0c4f56d3e077ba8c12a1b5de6148001b204322d411964cdf297d
Size: 673KB
(MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to the values listed under General.)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.