General
Target: 099817bec909bf51938cd617fabfa7edc6927e52bbc6a67e27a5fe701a0fffbc
Size: 534KB
Sample: 230331-yqt7dsec91
MD5: 3b9b03307fabde5c308e0f6c95558887
SHA1: 524e2493253deed98b075adc6f3551f496d64f92
SHA256: 099817bec909bf51938cd617fabfa7edc6927e52bbc6a67e27a5fe701a0fffbc
SHA512: 02948b08ab972954b8c25d51dc95916e8ecfb860906a17aba67a92ca74c44167580e7ec8006d7c0f965037927522d02c2875f600d3b4b79e9b67c9d16e221182
SSDEEP: 12288:kMr1y90E2qvLfz/QxGJBj4IvWObtrlBd0gDzr92I/09Bi:By7LL/QEJfbDr04Z2I/Ik
Static task: static1
Behavioral task: behavioral1
Sample: 099817bec909bf51938cd617fabfa7edc6927e52bbc6a67e27a5fe701a0fffbc.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
Botnet: spora
C2: 176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
Target: 099817bec909bf51938cd617fabfa7edc6927e52bbc6a67e27a5fe701a0fffbc (534KB; same MD5/SHA1/SHA256/SHA512/SSDEEP values as listed under General)
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.