General
Target: c01c2092fb5b18d3cc95ac044ddfcc9ee7d2d22279faaf7ee87a06d8e78c75e0
Size: 533KB
Sample: 230331-ytjvtsed3z
MD5: 883eaea58e30f8698c5cf55f4aa2c147
SHA1: de1dcb7115e37a657c35d2ba240e360204b14e89
SHA256: c01c2092fb5b18d3cc95ac044ddfcc9ee7d2d22279faaf7ee87a06d8e78c75e0
SHA512: a6a4ff9e3bfe0d3b047e72dca521e805db3f86c7eea915cbfce252297353f4fb5fda5e8418577c687bb9db6be1bc60c5d3febd4deb572882f27c96f58985b524
SSDEEP: 12288:XMrsy90SLFA6F5q8m1eOM5DJRaQOZLKCObRrJWGrK4L:7yz1P5BNyVCbx
Static task: static1
Behavioral task: behavioral1
Sample: c01c2092fb5b18d3cc95ac044ddfcc9ee7d2d22279faaf7ee87a06d8e78c75e0.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
spora
176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
Target: c01c2092fb5b18d3cc95ac044ddfcc9ee7d2d22279faaf7ee87a06d8e78c75e0
Size: 533KB
MD5: 883eaea58e30f8698c5cf55f4aa2c147
SHA1: de1dcb7115e37a657c35d2ba240e360204b14e89
SHA256: c01c2092fb5b18d3cc95ac044ddfcc9ee7d2d22279faaf7ee87a06d8e78c75e0
SHA512: a6a4ff9e3bfe0d3b047e72dca521e805db3f86c7eea915cbfce252297353f4fb5fda5e8418577c687bb9db6be1bc60c5d3febd4deb572882f27c96f58985b524
SSDEEP: 12288:XMrsy90SLFA6F5q8m1eOM5DJRaQOZLKCObRrJWGrK4L:7yz1P5BNyVCbx
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.