General
Target: cb6d199b34164a8efcfb37424b39a693bda05e4747fff696a8e08b3cbfa9bb68
Size: 534KB
Sample: 230331-ygt52ach63
MD5: 00b0a0177174ef781a792c65fc0bf0a2
SHA1: d457f8d85f8bb4650d07a6f70c30a085ef0c8007
SHA256: cb6d199b34164a8efcfb37424b39a693bda05e4747fff696a8e08b3cbfa9bb68
SHA512: 54a7cb1b3a1dedaeea9885e56fddb4045e145c184886ab6063894c2e5c44d469e3b10600756748c1bc63373c6d71d4c63916e0c849e1c7fe0e1689fe6d58a9f4
SSDEEP: 12288:yMr2y902ViTRsVidBxJy0wqyqhwOb+rwQqYs8t:gyYRsaIrqxbml
Static task: static1
Behavioral task: behavioral1
Sample: cb6d199b34164a8efcfb37424b39a693bda05e4747fff696a8e08b3cbfa9bb68.exe
Resource: win10-20230220-en
Malware Config
Extracted: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
spora
176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
Target: cb6d199b34164a8efcfb37424b39a693bda05e4747fff696a8e08b3cbfa9bb68
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.