General
Target: 0b255defd0642880b352d5b4e30c3aaf534619a1ea8d50445c97f1d85d1221aa
Size: 534KB
Sample: 230331-y1gztadb34
MD5: b6b9af910ff81884f7e1f2c7cee96dad
SHA1: c84ecf2f0e979e33a814bff4859014f99d1b17b3
SHA256: 0b255defd0642880b352d5b4e30c3aaf534619a1ea8d50445c97f1d85d1221aa
SHA512: 9f28d3144893747e8e7e28c685df1726cfba970201c2ee50f23b295aaa0c6d89c46e361bee3c51b4f7b50d19190b232f0d13a3efb7fb6fcee6a6f5f9f14f75dd
SSDEEP: 12288:HMrdy903Tj7N5mFe69/ucILWewBObKr6NhLLT+kImkukp:myo7N5mFX/DepbnNhb0AY

Static task: static1
Behavioral task: behavioral1
Sample: 0b255defd0642880b352d5b4e30c3aaf534619a1ea8d50445c97f1d85d1221aa.exe
Resource: win10v2004-20230220-en

Malware Config
Extracted: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted: redline
spora
176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071

Targets
Target: 0b255defd0642880b352d5b4e30c3aaf534619a1ea8d50445c97f1d85d1221aa
Size: 534KB
MD5: b6b9af910ff81884f7e1f2c7cee96dad
SHA1: c84ecf2f0e979e33a814bff4859014f99d1b17b3
SHA256: 0b255defd0642880b352d5b4e30c3aaf534619a1ea8d50445c97f1d85d1221aa
SHA512: 9f28d3144893747e8e7e28c685df1726cfba970201c2ee50f23b295aaa0c6d89c46e361bee3c51b4f7b50d19190b232f0d13a3efb7fb6fcee6a6f5f9f14f75dd
SSDEEP: 12288:HMrdy903Tj7N5mFe69/ucILWewBObKr6NhLLT+kImkukp:myo7N5mFX/DepbnNhb0AY

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.