General
Target: 2807f3981dfecb497a8d9343b1aa3e8b1a6394d5ca2468012eaafddc0337615c
Size: 659KB
Sample: 230403-15eflahh28
MD5: d22694969045013b8edc82e9e7266c82
SHA1: bbb2c80af8c7e4ce2237adc4c0bda9ab1a632ee8
SHA256: 2807f3981dfecb497a8d9343b1aa3e8b1a6394d5ca2468012eaafddc0337615c
SHA512: 73ccd67faeefd25b3906b35c08203ac6f5d2f48c7f93038d8dae3d7087b70b7812b07acbf9fdd684a64d3d9e12b18b1565b40c32018d9a8017a2dd4db3af958b
SSDEEP: 12288:zMrSy907WfWpLSYNzdz4AS6Ht1+syOSY/bQt59Lrwk+RC/vIft/juTfNWUj:pyw+WL/zfN1vS2Qt5Vz+I/gBsWc
Static task: static1
Behavioral task: behavioral1
Sample: 2807f3981dfecb497a8d9343b1aa3e8b1a6394d5ca2468012eaafddc0337615c.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
Family: redline
Botnet: spora
C2: 176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071
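The two extracted configurations differ only in botnet name and auth_value and share a single C2 endpoint, so the host:port pair is the durable network indicator while the auth_value is a per-build token that never appears in cleartext on the wire. The following is an added example, not part of the report and not code from RedLine or the sandbox: it turns the report's indicators into a check by recomputing the four listed digests for a file and scanning connection-log lines for the C2 endpoint. The log line format, the sample log and the find_c2_* function names are assumptions made for the example.

```python
import hashlib
import re

# File hashes copied from the report above.
REPORT_HASHES = {
    "md5": "d22694969045013b8edc82e9e7266c82",
    "sha1": "bbb2c80af8c7e4ce2237adc4c0bda9ab1a632ee8",
    "sha256": "2807f3981dfecb497a8d9343b1aa3e8b1a6394d5ca2468012eaafddc0337615c",
    "sha512": "73ccd67faeefd25b3906b35c08203ac6f5d2f48c7f93038d8dae3d7087b70b7812b07acbf9fdd684a64d3d9e12b18b1565b40c32018d9a8017a2dd4db3af958b",
}

# Both extracted RedLine configs share one C2 endpoint; botnet name and
# auth_value differ per build, so the endpoint is the indicator worth blocking.
REDLINE_CONFIGS = [
    {"botnet": "rosn", "c2": "176.113.115.145:4125", "auth_value": "050a19e1db4d0024b0f23b37dcf961f4"},
    {"botnet": "spora", "c2": "176.113.115.145:4125", "auth_value": "441b39ab37774b2ca9931c31e1bc6071"},
]
C2_ENDPOINTS = {cfg["c2"] for cfg in REDLINE_CONFIGS}


def hash_bytes(data: bytes) -> dict:
    """Compute the same four digests the report lists, as lowercase hex."""
    return {
        name: hashlib.new(name, data).hexdigest()
        for name in ("md5", "sha1", "sha256", "sha512")
    }


def matches_report(data: bytes) -> bool:
    """True only if every listed digest matches; one mismatch means a different file."""
    digests = hash_bytes(data)
    return all(digests[name] == value for name, value in REPORT_HASHES.items())


# Constructed connection-log lines in a "src -> dst:port" style; not real traffic.
SAMPLE_LOG = """\
2023-04-03T12:00:01Z 10.0.0.23:49712 -> 176.113.115.145:4125 proto=tcp bytes=1432
2023-04-03T12:00:02Z 10.0.0.23:49713 -> 142.250.74.206:443 proto=tcp bytes=5123
2023-04-03T12:00:05Z 10.0.0.41:51002 -> 176.113.115.145:443 proto=tcp bytes=88
2023-04-03T12:00:07Z 10.0.0.23:49714 -> 176.113.115.145:4125 proto=tcp bytes=20991
"""

_DST_RE = re.compile(r"-> (?P<dst>\d{1,3}(?:\.\d{1,3}){3}:\d+)")


def find_c2_connections(log_text: str, endpoints=C2_ENDPOINTS) -> list:
    """Return log lines whose destination is an extracted RedLine C2 host:port.

    Matching is on host AND port, so 176.113.115.145:443 is deliberately not
    flagged here: the report only establishes port 4125 as the C2 port.
    """
    hits = []
    for line in log_text.splitlines():
        m = _DST_RE.search(line)
        if m and m.group("dst") in endpoints:
            hits.append(line)
    return hits


def find_c2_hosts(log_text: str, endpoints=C2_ENDPOINTS) -> list:
    """Looser variant for hunting: flag any connection to a C2 host on any port."""
    hosts = {ep.rsplit(":", 1)[0] for ep in endpoints}
    hits = []
    for line in log_text.splitlines():
        m = _DST_RE.search(line)
        if m and m.group("dst").rsplit(":", 1)[0] in hosts:
            hits.append(line)
    return hits


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print("matches report sample:", matches_report(fh.read()))
    for hit in find_c2_connections(SAMPLE_LOG):
        print("C2 endpoint hit:", hit)
```

The strict host:port match is the one to alert on; the host-only variant is for retrospective hunting, since a stealer operator can rotate ports on the same server, and a hit on another port is worth a look rather than an automatic block.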
Targets
Target: 2807f3981dfecb497a8d9343b1aa3e8b1a6394d5ca2468012eaafddc0337615c
RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
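Two of the behaviours flagged above, executing a dropped EXE and adding a Run key, leave telemetry that Sysmon records on a production host: Event ID 11 (FileCreate), Event ID 1 (ProcessCreate) and Event ID 13 (RegistryEvent, value set). The following is an added example, not part of the report and not code from the sandbox: it correlates a file drop with a later execution of that file and flags SetValue writes under a Run or RunOnce key, run over constructed events. The field subset follows Sysmon's field names; the paths, process IDs and SID are made up for the example.

```python
import re

# Constructed Sysmon events (selected fields only). Paths, PIDs and the SID are
# invented; the behaviours they model (a dropped executable that is then run,
# and a Run-key write for persistence) are the ones the report flags.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 4100, "Image": r"C:\Users\user\Desktop\sample.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 11, "ProcessId": 4100, "Image": r"C:\Users\user\Desktop\sample.exe",
     "TargetFilename": r"C:\Users\user\AppData\Local\Temp\update.exe"},
    {"EventID": 11, "ProcessId": 2200, "Image": r"C:\Program Files\Browser\browser.exe",
     "TargetFilename": r"C:\Users\user\Downloads\report.pdf"},
    {"EventID": 1, "ProcessId": 4212, "Image": r"C:\Users\user\AppData\Local\Temp\update.exe",
     "ParentImage": r"C:\Users\user\Desktop\sample.exe"},
    {"EventID": 13, "ProcessId": 4212, "Image": r"C:\Users\user\AppData\Local\Temp\update.exe",
     "EventType": "SetValue",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\user\AppData\Local\Temp\update.exe"},
    {"EventID": 13, "ProcessId": 900, "Image": r"C:\Windows\System32\svchost.exe",
     "EventType": "SetValue",
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\BITS\Start",
     "Details": "DWORD (0x00000003)"},
]

# Run and RunOnce keys under HKLM or a user hive, matched case-insensitively.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)


def detect_dropped_exe_execution(events):
    """Pair a FileCreate (EID 11) with a later ProcessCreate (EID 1) of that file.

    Returns (dropper_image, dropped_path, executing_pid) tuples. Paths are
    case-folded for comparison because NTFS paths are case-insensitive.
    Events are assumed to be in chronological order.
    """
    dropped = {}  # normalised path -> image of the process that wrote it
    hits = []
    for ev in events:
        if ev["EventID"] == 11:
            dropped[ev["TargetFilename"].lower()] = ev["Image"]
        elif ev["EventID"] == 1:
            key = ev["Image"].lower()
            if key in dropped:
                hits.append((dropped[key], ev["Image"], ev["ProcessId"]))
    return hits


def detect_run_key_persistence(events):
    """Return RegistryEvent (EID 13) SetValue writes under a Run/RunOnce key."""
    return [
        {"image": ev["Image"], "key": ev["TargetObject"], "value": ev.get("Details", "")}
        for ev in events
        if ev["EventID"] == 13
        and ev.get("EventType") == "SetValue"
        and RUN_KEY_RE.search(ev["TargetObject"])
    ]


def triage(events):
    """Combine both detections into one summary for an analyst."""
    return {
        "dropped_and_executed": detect_dropped_exe_execution(events),
        "run_key_writes": detect_run_key_persistence(events),
    }


if __name__ == "__main__":
    for name, hits in triage(SAMPLE_EVENTS).items():
        print(name)
        for hit in hits:
            print("  ", hit)
```

Sysmon records registry key creation, value writes and renames but not reads, so the Uninstall-key enumeration behind "Checks installed software" is visible in the sandbox's API trace but not in this telemetry. In production, treat the Run-key write by a freshly dropped binary as the high-confidence signal and the drop-then-execute pair as supporting context, since installers legitimately produce the latter.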