General
- Target: f05e444e0eff783f000ebd86dd38c618e2e371b2e859524f7547f0373d3f4864
- Size: 672KB
- Sample: 230331-yaqt2acg97
- MD5: d17b34f8a5070d52e648368758bea7e3
- SHA1: c24e65a8aaf30dd17f1026ed82489af7b0674d8d
- SHA256: f05e444e0eff783f000ebd86dd38c618e2e371b2e859524f7547f0373d3f4864
- SHA512: cb99c24ea1664f16dd7123f789d498102a0306bf8f17e4045e627a479e88dd68ac0da39a6b81f16b07080f7a35572d7eede511d3bc2c96fddd892abd7acc0b06
- SSDEEP: 12288:9Mroy90wDp6Q/dfTSP0DQa5c7HDb8ObYrQmK9P:9ynoA20DpW7jPbtf9P
Static task: static1
Behavioral task: behavioral1
- Sample: f05e444e0eff783f000ebd86dd38c618e2e371b2e859524f7547f0373d3f4864.exe
- Resource: win10-20230220-en
Malware Config
Extracted: redline
- rosn
- 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
- spora
- 176.113.115.145:4125
- auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
- Target: f05e444e0eff783f000ebd86dd38c618e2e371b2e859524f7547f0373d3f4864
- Size: 672KB
- MD5: d17b34f8a5070d52e648368758bea7e3
- SHA1: c24e65a8aaf30dd17f1026ed82489af7b0674d8d
- SHA256: f05e444e0eff783f000ebd86dd38c618e2e371b2e859524f7547f0373d3f4864
- SHA512: cb99c24ea1664f16dd7123f789d498102a0306bf8f17e4045e627a479e88dd68ac0da39a6b81f16b07080f7a35572d7eede511d3bc2c96fddd892abd7acc0b06
- SSDEEP: 12288:9Mroy90wDp6Q/dfTSP0DQa5c7HDb8ObYrQmK9P:9ynoA20DpW7jPbtf9P
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.