General
Target: d985466811dc7942757fe5849162fbc9f30d9d84137345527dff5fb2471988ed
Size: 534KB
Sample: 230331-yw1alada88
MD5: d4c2c6b586669d226cecfcec00bea072
SHA1: 5f9ed08a332b9736b5b978444c1990fc4d35f4d0
SHA256: d985466811dc7942757fe5849162fbc9f30d9d84137345527dff5fb2471988ed
SHA512: fc0a4505079a2e7ee9ca1450fb9c1dcb62a202e36db04d1c5bc99e57687279520d38e119e9a933494873994ef0c8172a3ab6b8c825d88c1aa7d79c1a99b90b4d
SSDEEP: 12288:JMrGy90NhpeMrPZ9A1KfzTUoXxrOb7rgkkT1yoWF826:Dy4hpee3AbrK1yo28N
Static task: static1
Behavioral task: behavioral1
Sample: d985466811dc7942757fe5849162fbc9f30d9d84137345527dff5fb2471988ed.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline, rosn, 176.113.115.145:4125, auth_value 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline, spora, 176.113.115.145:4125, auth_value 441b39ab37774b2ca9931c31e1bc6071
Targets
Target: d985466811dc7942757fe5849162fbc9f30d9d84137345527dff5fb2471988ed (size and hashes as listed under General)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.