General
- Target: 085c604e43094d4122fc1d90d513c6445c758235211118c7fb4ef2344e0daee2
- Size: 534KB
- Sample: 230331-ybpncseb9t
- MD5: bec4c9c4f1f03d5ff50c6b9cdd548071
- SHA1: 4293545d54ea85e87567c7cb919cb87c1e55d4d3
- SHA256: 085c604e43094d4122fc1d90d513c6445c758235211118c7fb4ef2344e0daee2
- SHA512: a950f97e5fef7dfc6095c14186086834f746c50e53431daf0953b8c73e23e51e9719fda864740745c68c79677a2d8a445a861e1c9760cd435c778f7b532eb7ca
- SSDEEP: 12288:pMrky90YVB2uBEmF6OmObprBxJ0YVf2l3eI:9ydjBbpf2deI
Static task: static1
Behavioral task: behavioral1
- Sample: 085c604e43094d4122fc1d90d513c6445c758235211118c7fb4ef2344e0daee2.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted
- Family: redline
- Botnet: rosn
- C2: 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
- Family: redline
- Botnet: spora
- C2: 176.113.115.145:4125
- auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
- Target: 085c604e43094d4122fc1d90d513c6445c758235211118c7fb4ef2344e0daee2
- Size: 534KB
- MD5: bec4c9c4f1f03d5ff50c6b9cdd548071
- SHA1: 4293545d54ea85e87567c7cb919cb87c1e55d4d3
- SHA256: 085c604e43094d4122fc1d90d513c6445c758235211118c7fb4ef2344e0daee2
- SHA512: a950f97e5fef7dfc6095c14186086834f746c50e53431daf0953b8c73e23e51e9719fda864740745c68c79677a2d8a445a861e1c9760cd435c778f7b532eb7ca
- SSDEEP: 12288:pMrky90YVB2uBEmF6OmObprBxJ0YVf2l3eI:9ydjBbpf2deI
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.