General
Target: 364ac9104550f745df8d101ec7e719b1178290b9ce28a76744d9a1b5431ff6ca
Size: 533KB
Sample: 230331-zlx8xsdc79
MD5: d1a702e7dd69b0f95c8bc7438a6e0256
SHA1: f35ec398095b78579cccb68c41ba4944c9791326
SHA256: 364ac9104550f745df8d101ec7e719b1178290b9ce28a76744d9a1b5431ff6ca
SHA512: 02b6089a3de8288b69cbebe9c220ecd4d4091c4f6c20e5ee7340e2c1eeb142db4ad4d6b90b2676b1cdee242fff1d7685c3b0c8cb2fc9d119d49bcc7e09256309
SSDEEP: 12288:eMr8y90Lap5aK85Fcenbws6zKd3LqSl0jc6/Hr:eybUiebF6ed3Gz/r
Static task: static1
Behavioral task: behavioral1
Sample: 364ac9104550f745df8d101ec7e719b1178290b9ce28a76744d9a1b5431ff6ca.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted config 1
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted config 2
Family: redline
Botnet: spora
C2: 176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071
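Both extracted builds point at the same C2 socket address, so the first thing a responder does with this report is sweep egress logs for it. The script below is an added example, not part of the sandbox report: it loads the two configs exactly as extracted above, derives the C2 (ip, port) set, and runs constructed firewall-style log lines (hypothetical internal hosts and timestamps) through a matcher that distinguishes exact socket hits from same-IP/different-port hits. The auth_value is carried along only as a per-build attribute for clustering samples; it is not something that appears in flow logs.

```python
"""Sweep network log lines for the RedLine C2 extracted in the report above.

Added example, not part of the sandbox report. The config values are the
page's own; the log lines and internal hosts are constructed.
"""
import ipaddress
import re
from dataclasses import dataclass

# Config values as extracted in the report: two RedLine builds, one C2.
REDLINE_CONFIGS = [
    {"family": "redline", "botnet": "rosn", "c2": "176.113.115.145:4125",
     "auth_value": "050a19e1db4d0024b0f23b37dcf961f4"},
    {"family": "redline", "botnet": "spora", "c2": "176.113.115.145:4125",
     "auth_value": "441b39ab37774b2ca9931c31e1bc6071"},
]


def c2_socket_addresses(configs):
    """Return the set of (ip, port) tuples for every C2 in the configs."""
    sockets = set()
    for cfg in configs:
        host, _, port = cfg["c2"].rpartition(":")
        ipaddress.ip_address(host)  # raises if the C2 is not an IP literal
        sockets.add((host, int(port)))
    return sockets


# Constructed firewall-style log lines (hypothetical hosts and times).
SAMPLE_LOG = """\
2023-03-31T10:02:11Z allow src=10.0.5.23 sport=49812 dst=176.113.115.145 dport=4125 proto=tcp
2023-03-31T10:02:12Z allow src=10.0.5.23 sport=49813 dst=142.250.74.78 dport=443 proto=tcp
2023-03-31T10:03:40Z allow src=10.0.7.9 sport=51000 dst=176.113.115.145 dport=443 proto=tcp
2023-03-31T10:05:02Z deny src=10.0.9.4 sport=50211 dst=176.113.115.145 dport=4125 proto=tcp
"""

LINE_RE = re.compile(r"src=(?P<src>\S+) .*?dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


@dataclass(frozen=True)
class Hit:
    src: str
    dst: str
    dport: int
    exact: bool  # True when both IP and port match a known C2 socket


def scan_log(text, configs=REDLINE_CONFIGS):
    """Flag log lines that talk to a known C2.

    exact=True  -> destination IP and port match the extracted C2
    exact=False -> same IP on another port; still worth a look, since
                   operators reuse infrastructure across ports and builds
    Denied connections are reported too: a blocked beacon is still an
    infected host.
    """
    sockets = c2_socket_addresses(configs)
    ips = {ip for ip, _ in sockets}
    hits = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        dst, dport = m["dst"], int(m["dport"])
        if (dst, dport) in sockets:
            hits.append(Hit(m["src"], dst, dport, exact=True))
        elif dst in ips:
            hits.append(Hit(m["src"], dst, dport, exact=False))
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(("C2 HIT   " if hit.exact else "C2 IP    ") + f"{hit.src} -> {hit.dst}:{hit.dport}")
```

On the constructed input this reports two exact socket matches (10.0.5.23 and the denied attempt from 10.0.9.4) and one same-IP hit on port 443 from 10.0.7.9. Adapt LINE_RE to the field names of whatever log source is in use; the matching logic does not change.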
Targets
Target: 364ac9104550f745df8d101ec7e719b1178290b9ce28a76744d9a1b5431ff6ca (533KB; same file and hashes as listed under General above)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Signatures triggered by this target:
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application: an autostart value under the registry's CurrentVersion\Run key; the report does not record the value name or the path it points to.
- Checks installed software on the system: looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate software on the system.
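The Run-key signature above is the one most useful for host triage, but the report gives no value name or path, so an analyst has to look for the entry. The script below is an added example, not the report's own data: it parses a .reg export (the format produced by `reg export`) of the Run/RunOnce keys and flags autostart values that point into user-writable locations or that borrow the name of a Windows system binary while living outside System32. The export text and every value in it are constructed for illustration.

```python
"""Triage Run/RunOnce persistence from a .reg export.

Added example, not from the report. The report states only that the sample
adds a Run key; the registry export below is constructed.
"""
import re
from dataclasses import dataclass

RUN_KEYS = {
    r"hkey_current_user\software\microsoft\windows\currentversion\run",
    r"hkey_current_user\software\microsoft\windows\currentversion\runonce",
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\runonce",
}

# Locations a non-admin process can write to. An autostart pointing here is
# far more suspicious than one under Program Files or System32, though some
# legitimate software (OneDrive, for one) also installs per-user.
USER_WRITABLE = re.compile(
    r"\\(AppData\\(Roaming|Local)|Local Settings|Temp|ProgramData|Users\\Public)\\",
    re.IGNORECASE,
)
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe",
                "winlogon.exe", "services.exe"}

# Constructed export (hypothetical user "alice" and value names).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Users\\alice\\AppData\\Roaming\\svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\system32\\SecurityHealthSystray.exe"
"VMware User Process"="\"C:\\Program Files\\VMware\\VMware Tools\\vmtoolsd.exe\" -n vmusr"
"""

# "name"="string data" lines; dword:/hex: values are not autostart commands.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def _unescape(s):
    """Undo .reg escaping: \\\\ -> \\ and \\" -> "."""
    return re.sub(r"\\(.)", r"\1", s)


def _exe_path(cmd):
    """Executable part of a command line, quoted or not."""
    m = re.match(r'^"?(.*?\.exe)', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def parse_reg(text):
    """Yield (key, value_name, string_data) for every REG_SZ in the export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if key and m:
            yield key, _unescape(m.group(1)), _unescape(m.group(2))


@dataclass(frozen=True)
class AutorunFinding:
    key: str
    name: str
    exe: str
    reasons: tuple  # empty tuple means nothing suspicious by these heuristics


def triage_run_keys(text):
    """Return one finding per Run/RunOnce value, with the heuristics it tripped."""
    findings = []
    for key, name, data in parse_reg(text):
        if key.lower() not in RUN_KEYS:
            continue
        exe = _exe_path(data)
        reasons = []
        if USER_WRITABLE.search(exe):
            reasons.append("user-writable path")
        base = exe.rsplit("\\", 1)[-1].lower()
        if base in SYSTEM_NAMES and "\\windows\\system32\\" not in exe.lower():
            reasons.append("system binary name outside System32")
        findings.append(AutorunFinding(key, name, exe, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage_run_keys(SAMPLE_REG):
        print(f"{f.name:20} {f.exe}  {', '.join(f.reasons) or 'ok'}")
```

On the constructed export the OneDrive entry trips only the path heuristic (a known false positive to confirm by signature or hash), the "Updater" value trips both, and the two machine-wide entries trip neither. The heuristics are a first cut for prioritising entries to check against the dropped-file hashes, not a verdict.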