General
Target: 59b1e4b6c7ce8507201ad0efc47dae1aeb3b4dce0bdd6fb812b0d22a96286f3f
Size: 657KB
Sample: 230403-1dstxade6t
MD5: 74f91039a11f45b8e288e526d36d8156
SHA1: 69080fd73208f6939bceb553aa265bc2f3a3c549
SHA256: 59b1e4b6c7ce8507201ad0efc47dae1aeb3b4dce0bdd6fb812b0d22a96286f3f
SHA512: 980c0f986b3d99160bb867980adc453aeeb4fc38f126ec931ee80f9331e09731ab1bb962dafee3030e3c6bb4ec7cad690cf0d8a9c9226c8fd9c8893afa186d56
SSDEEP: 12288:PMrcy90ZAWnxzEYEgVRjtDhpekef1ULt8UgmRFO44WzWKfQ8vABDlNfO7:zyOn+z+jt9pekef1UhUoFn4PKgBZNG7
Static task: static1
Behavioral task: behavioral1
Sample: 59b1e4b6c7ce8507201ad0efc47dae1aeb3b4dce0bdd6fb812b0d22a96286f3f.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
  rosn
  176.113.115.145:4125
  auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
  spora
  176.113.115.145:4125
  auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
Target: 59b1e4b6c7ce8507201ad0efc47dae1aeb3b4dce0bdd6fb812b0d22a96286f3f
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.