General
Target: a86aef09ab694d9f3a203c62bc8d57bfc6c1ab295d2427fd6276aca0f2d54f33
Size: 671KB
Sample: 230331-z7nxdade64
MD5: 5156cae7415e30019b1f47890ad1c3c4
SHA1: 76e073cb40159649613b877067e8a2d691d22da1
SHA256: a86aef09ab694d9f3a203c62bc8d57bfc6c1ab295d2427fd6276aca0f2d54f33
SHA512: 0307f24b16441a4cbb266186a3fcbed84a493e5b2ffdf2794df834f1201e398042c59dd2a2e98df732dfa1d7a331985468ac5159753921c27cc65fc3ed9452e4
SSDEEP: 12288:RMrUy90gjlAUJ+kCsB0f6I6giT0fg/sb90O22raq3LqF3nW1FM:RyVl5O6EiT0fAb2eq3GFX+K

Static task: static1
Behavioral task: behavioral1
Sample: a86aef09ab694d9f3a203c62bc8d57bfc6c1ab295d2427fd6276aca0f2d54f33.exe
Resource: win10-20230220-en
Malware Config

Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted
Family: redline
Botnet: spora
C2: 176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
Target: a86aef09ab694d9f3a203c62bc8d57bfc6c1ab295d2427fd6276aca0f2d54f33
Size: 671KB
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.