General
Target: dffcb60041095b90ebef0c8d5bb09adb12cb3d42c5d4cfa95563a63f3b545fdb
Size: 533KB
Sample: 230331-z7fk1aeh2x
MD5: 77189f16ce3e06eaf2cde14affcae0d8
SHA1: 55c984d44f4150d13fc61805c9a6af178b70fab6
SHA256: dffcb60041095b90ebef0c8d5bb09adb12cb3d42c5d4cfa95563a63f3b545fdb
SHA512: a447bf58a08ee21061d6ee648ebcfd9a19549277fb736be08f0b17e02fa434e1279601e17341fcc6a55aae7b235232985b15b83649f6b1459104772a0a20d818
SSDEEP: 12288:HMrqy903kg8utxs6ST+3Lqdu/FJD+z+Mt6:NymE6W+3GXz+Mt6
Static task: static1
Behavioral task: behavioral1
Sample: dffcb60041095b90ebef0c8d5bb09adb12cb3d42c5d4cfa95563a63f3b545fdb.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline / rosn / 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline / spora / 176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
Target: dffcb60041095b90ebef0c8d5bb09adb12cb3d42c5d4cfa95563a63f3b545fdb
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.