General
Target: 9a87d2f4bb481c58b67a6cf88aba0ff99bfb21052e84e919d1243cba86c65996
Size: 673KB
Sample: 230331-y2n5hsed9s
MD5: 5f926814274ae2764d557c4d265bd351
SHA1: e9e3080ee885a709c8f8f35f26a3c0039f6a6411
SHA256: 9a87d2f4bb481c58b67a6cf88aba0ff99bfb21052e84e919d1243cba86c65996
SHA512: e14fb0c625b503dfbc46c97a61fadf1f0338d1591441c825b0dbe32ab56ded6f94961cdb56176f43bfbc1a8a745e5b3f7792a1748b8992b86f232161a618100c
SSDEEP: 12288:gMrjy90zI+3hx7M90H7WztTyam0wouIjD6hio01m7LqTra/ffA93w:TyWhx73Mt9nzmc/1m7GTrefo93w
Static task: static1
Behavioral task: behavioral1
Sample: 9a87d2f4bb481c58b67a6cf88aba0ff99bfb21052e84e919d1243cba86c65996.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
- redline
- rosn
- 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
- redline
- spora
- 176.113.115.145:4125
- auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.