General
Target: 26eba4f8b78335ec524bf72299bbb462cc688e7276ff8aea133bff80e22bc340
Size: 533KB
Sample: 230331-zqhc9seg2v
MD5: 52c8b4599d5035e4ad577f8276d2e835
SHA1: 34360100387be5b8900576c5024b9948d9166068
SHA256: 26eba4f8b78335ec524bf72299bbb462cc688e7276ff8aea133bff80e22bc340
SHA512: 085035774dc6428f8bf5e564df127e28d153b27d4fa250b9db3744811e32fda0cd86a0fd420d9e8c0e15de1d4bd4199e01506873c25bb07d79d793d571d88ccc
SSDEEP: 12288:sMrAy90K07oFjcrpdvRIadVrEqO3LqCh+1pJu:UyK8RAXEqO3GRU
Static task: static1
Behavioral task: behavioral1
Sample: 26eba4f8b78335ec524bf72299bbb462cc688e7276ff8aea133bff80e22bc340.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
spora
176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
Target: 26eba4f8b78335ec524bf72299bbb462cc688e7276ff8aea133bff80e22bc340
Size: 533KB
MD5: 52c8b4599d5035e4ad577f8276d2e835
SHA1: 34360100387be5b8900576c5024b9948d9166068
SHA256: 26eba4f8b78335ec524bf72299bbb462cc688e7276ff8aea133bff80e22bc340
SHA512: 085035774dc6428f8bf5e564df127e28d153b27d4fa250b9db3744811e32fda0cd86a0fd420d9e8c0e15de1d4bd4199e01506873c25bb07d79d793d571d88ccc
SSDEEP: 12288:sMrAy90K07oFjcrpdvRIadVrEqO3LqCh+1pJu:UyK8RAXEqO3GRU
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.