General
- Target: c862997fe8a5112f4cbe56b6dddc4245605b6f1b0ae344a8375db5ab1f5ff64e
- Size: 533KB
- Sample: 230331-zh7cesdc62
- MD5: 9eb197c35c50d32a41d9efdb0c17e610
- SHA1: 9ae440e49d5dd80d3ea54e1424be84d3e4a33a8c
- SHA256: c862997fe8a5112f4cbe56b6dddc4245605b6f1b0ae344a8375db5ab1f5ff64e
- SHA512: 3096943dcf9ef202d6feeb9e7ab74496570b1ec45d8245293ed9dc51ec59bc5721fd84b42e77ddfda4466d1bdb8df95138be128580f3f5c45bd068b653dea0ca
- SSDEEP: 12288:mMrAy90FZEcXalOeu9x7OQg8Q3LqL1hMcRp9bB:iyOEc3eu98Qg8Q3G1lbB
Static task: static1
Behavioral task: behavioral1
- Sample: c862997fe8a5112f4cbe56b6dddc4245605b6f1b0ae344a8375db5ab1f5ff64e.exe
- Resource: win10-20230220-en
Malware Config
Extracted
- redline
- rosn
- 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
- redline
- spora
- 176.113.115.145:4125
- auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
- Target: c862997fe8a5112f4cbe56b6dddc4245605b6f1b0ae344a8375db5ab1f5ff64e
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.