General
- Target: d504fe1e2853fb3790e9ed99cba525c5f567a06027e5fb0386bd94b58e2e5048
- Size: 672KB
- Sample: 230331-y7xnvaee5t
- MD5: 85bbef838d6e0f0b4c21c2f144cca3e8
- SHA1: fef069ffba6755d36ce77d1200d94db86038c9b3
- SHA256: d504fe1e2853fb3790e9ed99cba525c5f567a06027e5fb0386bd94b58e2e5048
- SHA512: 0ddf88acdd846c542885ab27769dcec7ff16a3ef9e21d10bc100a1547e517efe8d802626ff448248961b40356fb569f6a2213a82ceb839f478b456544e0af981
- SSDEEP: 12288:7MrOy90EUhe3zxlxwzc/GzphGWITHoqFKCFuA0qaZ9PJO0Lqy++9pkSa0YFP:NyrBOzGDH9NuA0qazhO0GyzPkSa0QP
Static task
- static1
Behavioral task
- behavioral1
- Sample: d504fe1e2853fb3790e9ed99cba525c5f567a06027e5fb0386bd94b58e2e5048.exe
- Resource: win10-20230220-en
Malware Config
Extracted
- redline
- rosn
- 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
- redline
- spora
- 176.113.115.145:4125
- auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
- Target: d504fe1e2853fb3790e9ed99cba525c5f567a06027e5fb0386bd94b58e2e5048
  - Size: 672KB
  - MD5: 85bbef838d6e0f0b4c21c2f144cca3e8
  - SHA1: fef069ffba6755d36ce77d1200d94db86038c9b3
  - SHA256: d504fe1e2853fb3790e9ed99cba525c5f567a06027e5fb0386bd94b58e2e5048
  - SHA512: 0ddf88acdd846c542885ab27769dcec7ff16a3ef9e21d10bc100a1547e517efe8d802626ff448248961b40356fb569f6a2213a82ceb839f478b456544e0af981
  - SSDEEP: 12288:7MrOy90EUhe3zxlxwzc/GzphGWITHoqFKCFuA0qaZ9PJO0Lqy++9pkSa0YFP:NyrBOzGDH9NuA0qazhO0GyzPkSa0QP
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.