General
Target: ae44202538c651945244d5ad1961de88f3a1648f9ac7db8ae9dfe5e103e95348
Size: 659KB
Sample: 230403-13l3nahd52
MD5: 8773daf6af6d5fde79a0303ef20e5e2f
SHA1: 3986b3918a25fcd3d2575f4192a46f9c7d50a9b2
SHA256: ae44202538c651945244d5ad1961de88f3a1648f9ac7db8ae9dfe5e103e95348
SHA512: 08c7a1babe7029d2fd6927c57b9ff4bf8497cc4fd118dd5aeb5e570730afaed275d51bad05ca74ceeabc4e5a42b1f6816bc01425aabbcbfffad6a36a0c24ec7d
SSDEEP: 12288:4Mrwy90u5bNGi87iRZrx2ivnrsuV8UcgVVvhow5pt597rwEcNClfsft/ju8COC:4yl5G9GrrMEnrhzvTt5FHcUlkBFC
Static task: static1
Behavioral task: behavioral1
Sample: ae44202538c651945244d5ad1961de88f3a1648f9ac7db8ae9dfe5e103e95348.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
spora
176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
Target: ae44202538c651945244d5ad1961de88f3a1648f9ac7db8ae9dfe5e103e95348
Size: 659KB
MD5: 8773daf6af6d5fde79a0303ef20e5e2f
SHA1: 3986b3918a25fcd3d2575f4192a46f9c7d50a9b2
SHA256: ae44202538c651945244d5ad1961de88f3a1648f9ac7db8ae9dfe5e103e95348
SHA512: 08c7a1babe7029d2fd6927c57b9ff4bf8497cc4fd118dd5aeb5e570730afaed275d51bad05ca74ceeabc4e5a42b1f6816bc01425aabbcbfffad6a36a0c24ec7d
SSDEEP: 12288:4Mrwy90u5bNGi87iRZrx2ivnrsuV8UcgVVvhow5pt597rwEcNClfsft/ju8COC:4yl5G9GrrMEnrhzvTt5FHcUlkBFC
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.