General
Target: fee13bc6d167a20e3187066e782736c5f551a4210e10239ade376736cbf7d3e4
Size: 671KB
Sample: 230331-znyx8sef9t
MD5: 6bf949aea015e7c9a1f65a3da81cfff7
SHA1: 05fd56c2822e2e2b68e76fefcf4925b302902ecd
SHA256: fee13bc6d167a20e3187066e782736c5f551a4210e10239ade376736cbf7d3e4
SHA512: 63d403dfb3121074535a4bfe4cf0b371dffb3644719b5f8673f01d44bb7e8752139f9dacbfb7251b1b0d2233598a1c2ccbac3851113a3fb3ef82bd157891b816
SSDEEP: 12288:8Mroy9059765M8jphx9qta6C0hi/fzYwC3LqqcM0ham:MyG765MEhx9Oa63hi/fDC3Gqf0Qm
Static task: static1
Behavioral task: behavioral1
Sample: fee13bc6d167a20e3187066e782736c5f551a4210e10239ade376736cbf7d3e4.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
Botnet: spora
C2: 176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071
Both extracted configurations point at the same C2 endpoint (176.113.115.145, TCP port 4125); they differ only in the botnet identifier and the auth_value. For blocking or hunting, the single IP:port pair is the IOC that covers both configs.
Targets
Target: fee13bc6d167a20e3187066e782736c5f551a4210e10239ade376736cbf7d3e4 (671KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application (an autostart entry under Software\Microsoft\Windows\CurrentVersion\Run, in HKCU or HKLM; the report does not state which hive)
- Checks installed software on the system: looks up Uninstall key entries in the registry (Software\Microsoft\Windows\CurrentVersion\Uninstall, including the Wow6432Node view) to enumerate software on the system.
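The following Python script is an added example and is not part of the sandbox report or of any tool the report references. It turns the extracted RedLine configuration and sample hash into an IOC set and runs simple detection logic over a handful of constructed event records for the behaviours the report lists: execution of the known sample, the C2 connection, Run-key persistence and Uninstall-key enumeration. The event records and their field names are constructed for illustration and modelled on Sysmon (EventID 1 process create, 3 network connection, 13 registry value set) and Windows Security auditing (EventID 4663 object access); they are assumptions, not output of the sandbox run.

```python
"""Added example (not from the sandbox report): IOC set from the extracted
RedLine config plus detection logic over constructed Sysmon/Security-style
event dicts. Field names follow Sysmon and Security auditing conventions but
the records themselves are made up for illustration."""
import re

# Values copied from the report's Malware Config and General sections.
EXTRACTED_CONFIGS = [
    {"family": "redline", "botnet": "rosn", "c2": "176.113.115.145:4125",
     "auth_value": "050a19e1db4d0024b0f23b37dcf961f4"},
    {"family": "redline", "botnet": "spora", "c2": "176.113.115.145:4125",
     "auth_value": "441b39ab37774b2ca9931c31e1bc6071"},
]
SAMPLE_SHA256 = "fee13bc6d167a20e3187066e782736c5f551a4210e10239ade376736cbf7d3e4"

# Registry paths behind the report's "Adds Run key" and "Checks installed
# software" signatures. Matching on the tail of the path covers HKLM, HKCU
# and the Wow6432Node view alike. RunOnce/RunOnceEx are deliberately not
# matched: the report only attests to a Run key.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)
UNINSTALL_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)


def c2_endpoints(configs):
    """Distinct (ip, port) pairs across all extracted configs."""
    endpoints = set()
    for cfg in configs:
        ip, port = cfg["c2"].rsplit(":", 1)
        endpoints.add((ip, int(port)))
    return endpoints


def parse_sysmon_hashes(field):
    """Parse a Sysmon 'Hashes' field like 'SHA256=AB..,MD5=cd..' into a dict
    keyed by upper-case algorithm name with lower-case hex values."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().upper()] = value.strip().lower()
    return out


def detect(events, configs=EXTRACTED_CONFIGS, known_sha256=(SAMPLE_SHA256,)):
    """Return a list of (rule_name, event_index) hits over event dicts."""
    c2 = c2_endpoints(configs)
    known = {h.lower() for h in known_sha256}
    hits = []
    for i, ev in enumerate(events):
        eid = ev.get("EventID")
        if eid == 1:  # process create: the sample or a dropped copy of it
            hashes = parse_sysmon_hashes(ev.get("Hashes", ""))
            if hashes.get("SHA256") in known:
                hits.append(("known_redline_sample_executed", i))
        elif eid == 3:  # network connection to an extracted C2 endpoint
            if (ev.get("DestinationIp"), ev.get("DestinationPort")) in c2:
                hits.append(("redline_c2_connection", i))
        elif eid == 13:  # registry value set under a Run key
            if RUN_KEY_RE.search(ev.get("TargetObject", "")):
                hits.append(("run_key_persistence", i))
        elif eid == 4663:  # Security object access; only emitted if the key has a SACL
            if UNINSTALL_KEY_RE.search(ev.get("ObjectName", "")):
                hits.append(("uninstall_key_enumeration", i))
    return hits


# Constructed events (not sandbox output): one per rule plus benign noise.
CONSTRUCTED_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\user\AppData\Local\Temp\update.exe",
     "Hashes": "SHA256=" + SAMPLE_SHA256.upper() + ",MD5=6BF949AEA015E7C9A1F65A3DA81CFFF7"},
    {"EventID": 3, "DestinationIp": "176.113.115.145", "DestinationPort": 4125},
    {"EventID": 3, "DestinationIp": "13.107.4.52", "DestinationPort": 443},
    {"EventID": 13, "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\update"},
    {"EventID": 13, "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\x"},
    {"EventID": 4663, "ObjectName": r"\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
]

if __name__ == "__main__":
    for rule, idx in detect(CONSTRUCTED_EVENTS):
        print(f"{rule}: event #{idx} {CONSTRUCTED_EVENTS[idx]}")
```

Two caveats a practitioner would want: Sysmon does not record registry reads, so the Uninstall-key enumeration can only be seen through Security object-access auditing (4663) with a SACL set on the key, or through an EDR that hooks registry queries; and the Run-key rule matches on the key tail, so it fires for both HKCU and HKLM entries, which is what you want when the report leaves the hive unspecified.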