General
Target: 3cd5869d5d8efb7b3bbf2dff338dd40c6f40ab9de13af550ed394cc61516dbfc
Size: 673KB
Sample: 230331-yecg7sec21
MD5: 53896513c95d6ba04fb284939e6f1b01
SHA1: 9af36b53b679065df5ea4ef7f73a9078bee5f443
SHA256: 3cd5869d5d8efb7b3bbf2dff338dd40c6f40ab9de13af550ed394cc61516dbfc
SHA512: d0eb03d297fc0468a16a6a91848c31b19b404964e2dad4d045b72c7b324eed2a42dd291e97e9b32a96d6f11a2848b762e2b1bce32a1e6be9b0b0200355b372b5
SSDEEP: 12288:WMr6y902NvuinVERC2KmvBnRTlCW9RabJ+ofKn45Obyrymzyan32:YyrnVEw2KIRMOSEJn3bFayaG
Static task: static1
Behavioral task: behavioral1
Sample: 3cd5869d5d8efb7b3bbf2dff338dd40c6f40ab9de13af550ed394cc61516dbfc.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted: redline, rosn, 176.113.115.145:4125, auth_value 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline, spora, 176.113.115.145:4125, auth_value 441b39ab37774b2ca9931c31e1bc6071
Targets
Target: 3cd5869d5d8efb7b3bbf2dff338dd40c6f40ab9de13af550ed394cc61516dbfc
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.