General
-
Target
b5980c454bd94ea0a286cb0d9db4b7638ac1a3aabccba063bc9e9214df923501
-
Size
672KB
-
Sample
230331-yv9gwada84
-
MD5
ef5a2fd9d4a1038e5119a85ae642ab74
-
SHA1
d795161efbbd79ba1cf42210b3a06237033eb803
-
SHA256
b5980c454bd94ea0a286cb0d9db4b7638ac1a3aabccba063bc9e9214df923501
-
SHA512
fe0e0b25b6bf237a5a4c3b3909dd8bd30a10d865bc2c59a2908e102d5d06a12b6285cf8e161ef11128381d14baa1c80a7a5405cf43c4d25cf1742399517d7548
-
SSDEEP
12288:UMrhy90irybJuDOOt4byl2W9R6bJ+ovRG62wvdBObOrXmmI4a:lyebJkOOt4b5O6EgRG62w+bavS
Static task
static1
Behavioral task
behavioral1
Sample
b5980c454bd94ea0a286cb0d9db4b7638ac1a3aabccba063bc9e9214df923501.exe
Resource
win10v2004-20230221-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
spora
176.113.115.145:4125
-
auth_value
441b39ab37774b2ca9931c31e1bc6071
Targets
-
-
Target
b5980c454bd94ea0a286cb0d9db4b7638ac1a3aabccba063bc9e9214df923501
-
Size
672KB
-
MD5
ef5a2fd9d4a1038e5119a85ae642ab74
-
SHA1
d795161efbbd79ba1cf42210b3a06237033eb803
-
SHA256
b5980c454bd94ea0a286cb0d9db4b7638ac1a3aabccba063bc9e9214df923501
-
SHA512
fe0e0b25b6bf237a5a4c3b3909dd8bd30a10d865bc2c59a2908e102d5d06a12b6285cf8e161ef11128381d14baa1c80a7a5405cf43c4d25cf1742399517d7548
-
SSDEEP
12288:UMrhy90irybJuDOOt4byl2W9R6bJ+ovRG62wvdBObOrXmmI4a:lyebJkOOt4b5O6EgRG62w+bavS
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-