General
-
Target
5ed8abac5ae1b3000a35e5d1a686cc4433dcb219943932706c5edc8f8419e2ab
-
Size
672KB
-
Sample
230331-yztxzsed7s
-
MD5
26194956c48485588a015cc5c66a65e3
-
SHA1
af4736cee81d262ca4f1d844ad54a66207ddc4f6
-
SHA256
5ed8abac5ae1b3000a35e5d1a686cc4433dcb219943932706c5edc8f8419e2ab
-
SHA512
4032bf7bf8f1a9a0a01c58367476ef9f7e80a6eb9d266710607b0feb8274248c3d5883035fc53be3bd80d7d0f1aed00ab8f3f6c7a9e198ae3945b177ea081f07
-
SSDEEP
12288:pMrfy90Je+0Dd8avQ5SaNsoN1ByMQJI4JWObXramBjK4Vj:6yz+S48KYMN4TbO8j/j
Static task
static1
Behavioral task
behavioral1
Sample
5ed8abac5ae1b3000a35e5d1a686cc4433dcb219943932706c5edc8f8419e2ab.exe
Resource
win10-20230220-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
spora
176.113.115.145:4125
-
auth_value
441b39ab37774b2ca9931c31e1bc6071
Targets
-
-
Target
5ed8abac5ae1b3000a35e5d1a686cc4433dcb219943932706c5edc8f8419e2ab
-
Size
672KB
-
MD5
26194956c48485588a015cc5c66a65e3
-
SHA1
af4736cee81d262ca4f1d844ad54a66207ddc4f6
-
SHA256
5ed8abac5ae1b3000a35e5d1a686cc4433dcb219943932706c5edc8f8419e2ab
-
SHA512
4032bf7bf8f1a9a0a01c58367476ef9f7e80a6eb9d266710607b0feb8274248c3d5883035fc53be3bd80d7d0f1aed00ab8f3f6c7a9e198ae3945b177ea081f07
-
SSDEEP
12288:pMrfy90Je+0Dd8avQ5SaNsoN1ByMQJI4JWObXramBjK4Vj:6yz+S48KYMN4TbO8j/j
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-