General
Target: 181c7eecda058bb07fd25f43f0c8cc8b48ba46e84fbf6c7c30cc67154f552c23
Size: 672KB
Sample: 230331-ye9spsec3z
MD5: dbaeb44c439bdd7d134863310ecc2e85
SHA1: 31e97634bebc342b9dba6b618e053968ece82706
SHA256: 181c7eecda058bb07fd25f43f0c8cc8b48ba46e84fbf6c7c30cc67154f552c23
SHA512: b55306bf5fac93bd9b2b573b05a447d48c0bc5d06262cfeeff4cd7f658ef9817fc6c4916b45ebcafb3e5ceffde5f028d17047085aa47746b6895eb683bbc327c
SSDEEP: 12288:gMray90REzKkHToBEjq0mhWU4YAs8tenObOrbmKJIp9Y/v:qyPzoBE2SMBoTbybs+H
Static task: static1
Behavioral task: behavioral1
Sample: 181c7eecda058bb07fd25f43f0c8cc8b48ba46e84fbf6c7c30cc67154f552c23.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
Botnet: spora
C2: 176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
Target: 181c7eecda058bb07fd25f43f0c8cc8b48ba46e84fbf6c7c30cc67154f552c23 (672KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application (persistence: a value written under a CurrentVersion\Run key relaunches the binary at logon)
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
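The indicators this report yields (the C2 endpoint shared by both extracted configs, the sample hashes, and the Run-key persistence behaviour) as a small detection sweep over host telemetry. This is an added example, not part of the Triage report or of the RedLine sample; the Sysmon-style key=value event lines are constructed for illustration, and while the field names (EventID, DestinationIp, DestinationPort, TargetObject, Hashes) follow Sysmon's schema, the one-line text layout and the victim paths are assumptions.

```python
"""IOC sweep built from the Triage report above (RedLine, sample 181c7eec...).

Input is assumed to be Sysmon-style key=value event lines, one event per line
(constructed below); no Windows APIs are used, so this runs anywhere.
"""
import re
from dataclasses import dataclass

# --- IOCs copied from the report -------------------------------------------
C2_HOST = "176.113.115.145"          # same C2 in the "rosn" and "spora" configs
C2_PORT = 4125
BOTNET_IDS = {"rosn", "spora"}
SAMPLE_HASHES = {                     # lowercase hex, as in the report
    "md5": "dbaeb44c439bdd7d134863310ecc2e85",
    "sha1": "31e97634bebc342b9dba6b618e053968ece82706",
    "sha256": "181c7eecda058bb07fd25f43f0c8cc8b48ba46e84fbf6c7c30cc67154f552c23",
}

# "Adds Run key to start application": any value set under a Run/RunOnce key.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)

# key=value tokens; a value runs until the next " key=" so paths with spaces
# (e.g. "C:\Program Files\...") survive.
KV_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|\s*$)")


@dataclass
class Hit:
    rule: str
    detail: str
    line: str


def parse_event(line: str) -> dict:
    return {k: v for k, v in KV_RE.findall(line)}


def parse_hashes(field: str) -> dict:
    """Sysmon 'Hashes' format 'MD5=..,SHA256=..' -> {'md5': '..', 'sha256': '..'}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, digest = part.split("=", 1)
            out[algo.strip().lower()] = digest.strip().lower()
    return out


def scan(log_text: str) -> list:
    """Return one Hit per matching rule per event line."""
    hits = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        eid = ev.get("EventID")
        # Event 3 = network connection: flag the C2 host even on another port,
        # and say whether the port matches the extracted config.
        if eid == "3" and ev.get("DestinationIp") == C2_HOST:
            port = ev.get("DestinationPort")
            state = "matches" if port == str(C2_PORT) else "differs"
            hits.append(Hit("c2_connection", f"{C2_HOST}:{port} (config port {state})", line))
        # Event 13 = registry value set: Run/RunOnce persistence.
        if eid == "13" and RUN_KEY_RE.search(ev.get("TargetObject", "")):
            hits.append(Hit("run_key_persistence", ev["TargetObject"], line))
        # Any event carrying hashes (e.g. event 1, process create): known sample.
        if "Hashes" in ev:
            seen = parse_hashes(ev["Hashes"])
            for algo, digest in SAMPLE_HASHES.items():
                if seen.get(algo) == digest:
                    hits.append(Hit("known_sample_hash", f"{algo}={digest}", line))
                    break
    return hits


# Constructed sample telemetry (not from the sandbox run): one C2 beacon, one
# benign TLS connection, one Run-key write, one process start with the sample's
# hashes, and one unrelated registry write that must not fire.
SAMPLE_LOG = r"""
EventID=3 Image=C:\Users\victim\AppData\Local\Temp\update.exe DestinationIp=176.113.115.145 DestinationPort=4125 Protocol=tcp
EventID=3 Image=C:\Program Files\Mozilla Firefox\firefox.exe DestinationIp=142.250.74.78 DestinationPort=443 Protocol=tcp
EventID=13 Image=C:\Users\victim\AppData\Local\Temp\update.exe TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\svchost Details=C:\Users\victim\AppData\Roaming\svchost.exe
EventID=1 Image=C:\Users\victim\Downloads\setup.exe Hashes=MD5=DBAEB44C439BDD7D134863310ECC2E85,SHA256=181C7EECDA058BB07FD25F43F0C8CC8B48BA46E84FBF6C7C30CC67154F552C23
EventID=13 Image=C:\Windows\explorer.exe TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden Details=DWORD (0x00000001)
""".strip()

if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(f"[{h.rule}] {h.detail}")
```

The hash rule compares case-insensitively because Sysmon emits uppercase hex while the report lists lowercase; the C2 rule keys on the address alone and only reports whether the port matches, since a RedLine operator can move the port without changing the binary while the extracted configs on this page give only one host to pivot on.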