General
Target: b7c225f0e3d4554ab6476899c3ae44280dd839f44f1e8bf5881219326393c355
Size: 671KB
Sample: 230331-zezs6sdc38
MD5: 3e8672c566fc3386c3ac1a4776e2aff9
SHA1: 24fd46de105dbf442e8ee2afddb8dd7178fcc661
SHA256: b7c225f0e3d4554ab6476899c3ae44280dd839f44f1e8bf5881219326393c355
SHA512: 53da3dc3f8846d39d3737d66b4f757787fb341e69d49311feaaacf36279cc13ac59b004c5522416e689ca978fa0fa1796fcf326e9fa61d78339c9913827e05d2
SSDEEP: 12288:dMrEy90+jf2MQY0uprU/GZDAJK7X225A50fgVkkL6VZxnxhKRnX73LqfsVjJAF8:RyHmgU/GlNX225A50fb46VZxCxX73GfM
Static task: static1
Behavioral task: behavioral1
Sample: b7c225f0e3d4554ab6476899c3ae44280dd839f44f1e8bf5881219326393c355.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
spora
176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
Target: b7c225f0e3d4554ab6476899c3ae44280dd839f44f1e8bf5881219326393c355
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.