General
Target: 517842e4c7366844a4291ad7eb11ed29d01e3022caf31875e43e51c0112e2c08
Size: 533KB
Sample: 230331-y7pm8see5s
MD5: 3757402c6657188b3086dce459e2b597
SHA1: f2d43ba234331a6142c175a813189b6523af109e
SHA256: 517842e4c7366844a4291ad7eb11ed29d01e3022caf31875e43e51c0112e2c08
SHA512: 925ef89adaaf3d1c2d90352f88416ece111720e5d74568ea11e2991b407797dec13ee89f3f9de39d712e938cb161a26a3c8d9ecf3d36f414f9198e2e2df1c991
SSDEEP: 12288:YMr0y90DeUXlPTiXWvPN6BuP3LqTUzhPEKnaCMj7vz9pe:8yoXYXWvPN6UP3GwVsKnajr9A
Static task: static1
Behavioral task: behavioral1
Sample: 517842e4c7366844a4291ad7eb11ed29d01e3022caf31875e43e51c0112e2c08.exe
Resource: win10-20230220-en
Malware Config
Extracted: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
spora
176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
Target: 517842e4c7366844a4291ad7eb11ed29d01e3022caf31875e43e51c0112e2c08
Size: 533KB
MD5: 3757402c6657188b3086dce459e2b597
SHA1: f2d43ba234331a6142c175a813189b6523af109e
SHA256: 517842e4c7366844a4291ad7eb11ed29d01e3022caf31875e43e51c0112e2c08
SHA512: 925ef89adaaf3d1c2d90352f88416ece111720e5d74568ea11e2991b407797dec13ee89f3f9de39d712e938cb161a26a3c8d9ecf3d36f414f9198e2e2df1c991
SSDEEP: 12288:YMr0y90DeUXlPTiXWvPN6BuP3LqTUzhPEKnaCMj7vz9pe:8yoXYXWvPN6UP3GwVsKnajr9A
- RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.