General
-
Target
d8c375081e3cbd8b4823ebf13ef2b436fe05bd98be579bfa8b99707037aa2f11
-
Size
673KB
-
Sample
230331-zb95qsee8z
-
MD5
e930f7a85086cbdd09eea4e1664e5a3b
-
SHA1
43883c0c92748f42c0c3fb5a398d9a31f4c4bbc5
-
SHA256
d8c375081e3cbd8b4823ebf13ef2b436fe05bd98be579bfa8b99707037aa2f11
-
SHA512
f4000c0eafa7d9315458c30bf8599268fddf4707fe89ead3d9b85c216ba6296f74268894c91afbf1c472df81846708d64f7848132cd5837fd14c7af6af09ac88
-
SSDEEP
12288:PMrhy90ckmUNW91zYTT8T4agi6XPFWy0QXNEPlmTLqc2J6UMkO:6yxkmsW9NY3OxLGNymTGcw6rkO
Static task
static1
Behavioral task
behavioral1
Sample
d8c375081e3cbd8b4823ebf13ef2b436fe05bd98be579bfa8b99707037aa2f11.exe
Resource
win10v2004-20230221-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
spora
176.113.115.145:4125
-
auth_value
441b39ab37774b2ca9931c31e1bc6071
Targets
-
-
Target
d8c375081e3cbd8b4823ebf13ef2b436fe05bd98be579bfa8b99707037aa2f11
-
Size
673KB
-
MD5
e930f7a85086cbdd09eea4e1664e5a3b
-
SHA1
43883c0c92748f42c0c3fb5a398d9a31f4c4bbc5
-
SHA256
d8c375081e3cbd8b4823ebf13ef2b436fe05bd98be579bfa8b99707037aa2f11
-
SHA512
f4000c0eafa7d9315458c30bf8599268fddf4707fe89ead3d9b85c216ba6296f74268894c91afbf1c472df81846708d64f7848132cd5837fd14c7af6af09ac88
-
SSDEEP
12288:PMrhy90ckmUNW91zYTT8T4agi6XPFWy0QXNEPlmTLqc2J6UMkO:6yxkmsW9NY3OxLGNymTGcw6rkO
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-