General

Target: 6bff60be3d89caf7916f9ba1c68febbcc621c77a146dc92c3536c858e44fced9
Size: 522KB
Sample: 230403-171fvaad72
MD5: 2dc31791017e7bec0012c6c0821fab1e
SHA1: 404070f0e44d01caf6cf1ec42c2b7a599d133b26
SHA256: 6bff60be3d89caf7916f9ba1c68febbcc621c77a146dc92c3536c858e44fced9
SHA512: 55d3b52180981b0d6a4fed90df4b4e0473b97743aa14496eeea8f7616fc52b8f03c5f6557c4d683dc0d68be353fc8b0732341bcbed1c5eb54307c0bde4c1eceb
SSDEEP: 12288:9Mr5y90L/Rir9G+rUlUrwl8hCxJ1ssZBrixLK2OX:kyARA9GMX+8YxgSuRK2u
Static task: static1
Behavioral task: behavioral1
Sample: 6bff60be3d89caf7916f9ba1c68febbcc621c77a146dc92c3536c858e44fced9.exe
Resource: win10v2004-20230221-en
Malware Config

Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted
Family: redline
Botnet: spora
C2: 176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets

Target: 6bff60be3d89caf7916f9ba1c68febbcc621c77a146dc92c3536c858e44fced9
Size: 522KB
MD5: 2dc31791017e7bec0012c6c0821fab1e
SHA1: 404070f0e44d01caf6cf1ec42c2b7a599d133b26
SHA256: 6bff60be3d89caf7916f9ba1c68febbcc621c77a146dc92c3536c858e44fced9
SHA512: 55d3b52180981b0d6a4fed90df4b4e0473b97743aa14496eeea8f7616fc52b8f03c5f6557c4d683dc0d68be353fc8b0732341bcbed1c5eb54307c0bde4c1eceb
SSDEEP: 12288:9Mr5y90L/Rir9G+rUlUrwl8hCxJ1ssZBrixLK2OX:kyARA9GMX+8YxgSuRK2u

- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.