General
-
Target
4d76d5a41b1a4e5483a8b07b17b409580fdda81404c6cbcc3ea250f585a93ffc
-
Size
673KB
-
Sample
230331-ydfs8sec2t
-
MD5
05c12f87e63f1241ed3663f41b5ea905
-
SHA1
7c6a335f97cb0788ce20abbf4bc9213647b727c3
-
SHA256
4d76d5a41b1a4e5483a8b07b17b409580fdda81404c6cbcc3ea250f585a93ffc
-
SHA512
7963a1555a17f12527fe33882565707dcdb46cf3c840b660d35ca3cf45f1185a4810e93809d0252d8cccbb752d8d541aa35a8961b953e48b47161c7077b9b381
-
SSDEEP
12288:3MrUy90r7wF1w1iyo80XTjlLGTSITHopFKCHudyZG3ZD/ObGrwmSibzLGs6y:Hyk7w3w1PyXfwTvHePudIGJabNXizG0
Static task
static1
Behavioral task
behavioral1
Sample
4d76d5a41b1a4e5483a8b07b17b409580fdda81404c6cbcc3ea250f585a93ffc.exe
Resource
win10-20230220-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
spora
176.113.115.145:4125
-
auth_value
441b39ab37774b2ca9931c31e1bc6071
Targets
-
-
Target
4d76d5a41b1a4e5483a8b07b17b409580fdda81404c6cbcc3ea250f585a93ffc
-
Size
673KB
-
MD5
05c12f87e63f1241ed3663f41b5ea905
-
SHA1
7c6a335f97cb0788ce20abbf4bc9213647b727c3
-
SHA256
4d76d5a41b1a4e5483a8b07b17b409580fdda81404c6cbcc3ea250f585a93ffc
-
SHA512
7963a1555a17f12527fe33882565707dcdb46cf3c840b660d35ca3cf45f1185a4810e93809d0252d8cccbb752d8d541aa35a8961b953e48b47161c7077b9b381
-
SSDEEP
12288:3MrUy90r7wF1w1iyo80XTjlLGTSITHopFKCHudyZG3ZD/ObGrwmSibzLGs6y:Hyk7w3w1PyXfwTvHePudIGJabNXizG0
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-