General
- Target: ce09aeeda262fed5bd7fa3d8cafc48cbd1f9bd7b822edcf37ba33da5824069cc
- Size: 534KB
- Sample: 230331-zglpbsdc48
- MD5: 27092ffafd2edc0b5e2142399984b12b
- SHA1: 293123385c019faf1d13ae531182b58c48145fa5
- SHA256: ce09aeeda262fed5bd7fa3d8cafc48cbd1f9bd7b822edcf37ba33da5824069cc
- SHA512: 7994ce64e681ac2363c0bbf5329763e6762874ae38200d9983bd567c6cd08fdcade548d4e436386846ab17739686c9998fc8ef662a36e9fe30595228d68e1fba
- SSDEEP: 12288:wMr6y90scz3kbcAaCCls2KX0aTw3LqqxQxA2cCkwu:ayigcAfcsZTw3G8W7iwu
Static task: static1
Behavioral task: behavioral1
- Sample: ce09aeeda262fed5bd7fa3d8cafc48cbd1f9bd7b822edcf37ba33da5824069cc.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted
- Family: redline
- Botnet: rosn
- C2: 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
- Family: redline
- Botnet: spora
- C2: 176.113.115.145:4125
- auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
- Target: ce09aeeda262fed5bd7fa3d8cafc48cbd1f9bd7b822edcf37ba33da5824069cc
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.