General
Target: 5bb561bef7a556e3ffd9635cfd0cdd80ff55fc832c0aa5f9eec25da1707d6580
Size: 522KB
Sample: 230403-15ercshh33
MD5: 72f156e4da917f326d61f25f88472b16
SHA1: 4bcb618b4b6db6c60a726ae74acfb7e38b7f70f1
SHA256: 5bb561bef7a556e3ffd9635cfd0cdd80ff55fc832c0aa5f9eec25da1707d6580
SHA512: c109a6bc5bb9ce4769cf0a349d6cbd73cc06233eacb3e259a1aabf8606e10f5b8324a92588903a6692aee09977974f7dd1a58a5a1ace0e219a2f71fed9f5e8a0
SSDEEP: 12288:mMrdy90fqppItPFMEgQiWdFGrhC7JrDg/LZWa8:LylDEPFMEFiWdUrY7JDg/LZWa8
Static task: static1
Behavioral task: behavioral1
Sample: 5bb561bef7a556e3ffd9635cfd0cdd80ff55fc832c0aa5f9eec25da1707d6580.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted: redline / rosn
  176.113.115.145:4125
  auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline / spora
  176.113.115.145:4125
  auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
Target: 5bb561bef7a556e3ffd9635cfd0cdd80ff55fc832c0aa5f9eec25da1707d6580
Size: 522KB
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.