General
Target: 64e89f4f9e39be40a0ec73c610ab7f2c576cf9ffedebe257d3144d7a6ac0dc1e
Size: 671KB
Sample: 230331-zv3vrseg4z
MD5: 150b6b824fa9145d88a8362a1112445b
SHA1: 9b42495ed2c7378f50a62f49619a5ce490b03f90
SHA256: 64e89f4f9e39be40a0ec73c610ab7f2c576cf9ffedebe257d3144d7a6ac0dc1e
SHA512: 8515e98f6d2ce6bccfbafbafa950d3800310172fa1ae6daa89178b9c400bc978e3108bb45ba5ce698f86821f465a6c7267d7c31f19eb1c6050bff2f606fc0e33
SSDEEP: 12288:+Mrly90PgWEL+a7viS0+7c0fgz9mCc83/bWPCX3Lqzg5p4fuW:3y4gxL+a76+7c0f6gPCX3GzWp4n
Static task: static1
Behavioral task: behavioral1
Sample: 64e89f4f9e39be40a0ec73c610ab7f2c576cf9ffedebe257d3144d7a6ac0dc1e.exe
Resource: win10-20230220-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
spora
176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
Target: 64e89f4f9e39be40a0ec73c610ab7f2c576cf9ffedebe257d3144d7a6ac0dc1e
Size: 671KB
MD5: 150b6b824fa9145d88a8362a1112445b
SHA1: 9b42495ed2c7378f50a62f49619a5ce490b03f90
SHA256: 64e89f4f9e39be40a0ec73c610ab7f2c576cf9ffedebe257d3144d7a6ac0dc1e
SHA512: 8515e98f6d2ce6bccfbafbafa950d3800310172fa1ae6daa89178b9c400bc978e3108bb45ba5ce698f86821f465a6c7267d7c31f19eb1c6050bff2f606fc0e33
SSDEEP: 12288:+Mrly90PgWEL+a7viS0+7c0fgz9mCc83/bWPCX3Lqzg5p4fuW:3y4gxL+a76+7c0f6gPCX3GzWp4n
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.