General
- Target: b26bf9ed08b8d2770543a3567b950cbaf3a134a15820b1b7c2bbfae70657bc71
- Size: 533KB
- Sample: 230331-yyxbqadb25
- MD5: 25338b85b90cf9a9337b4d030c5f0985
- SHA1: c19111598b5335b7319c5cccd0c48a6e8077296e
- SHA256: b26bf9ed08b8d2770543a3567b950cbaf3a134a15820b1b7c2bbfae70657bc71
- SHA512: 7ce647c1d28fa695da05fa87892493239a37b2098e979a79a37dd254b74a7ddc7b1ca23768b75a8b23bc3215341507eefc534450c0db2adbb90f7a52552b9cd4
- SSDEEP: 12288:uMrWy904GZjK5xORYC6t7XhQvGOb4rb6OIFWYEjrnGwz:8yse5wAAbW6JWYmGA
Static task: static1
Behavioral task: behavioral1
- Sample: b26bf9ed08b8d2770543a3567b950cbaf3a134a15820b1b7c2bbfae70657bc71.exe
- Resource: win10-20230220-en
Malware Config
Extracted
- redline
- rosn
- 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
- redline
- spora
- 176.113.115.145:4125
- auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
- Target: b26bf9ed08b8d2770543a3567b950cbaf3a134a15820b1b7c2bbfae70657bc71
- Size: 533KB
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.