General
-
Target
ac4379f4aede9df2bda5e1d8afe6d7496bc9c401b9d1002da418f1766a389b25
-
Size
658KB
-
Sample
230403-1h5z2aeb64
-
MD5
11706b96882d6a39e32b9788833983ee
-
SHA1
7e957cceffc9bc9230b6aeb66c120592461c3c5c
-
SHA256
ac4379f4aede9df2bda5e1d8afe6d7496bc9c401b9d1002da418f1766a389b25
-
SHA512
c5b91ffeae8b809ee0361fcb8773b4d8e2d627810c7765e816d0044f3b4ccb69adb81f1317144ac9d9622511283c2aaa0ace390a208e5cc3ec89cf6795085f92
-
SSDEEP
12288:VMruy90GCNDipXkQLgJf8EgRtDXZQ85G3Sx644MzWKDk8vqhr:/yhgipXkIkFgRtzayx74FKKp
Static task
static1
Behavioral task
behavioral1
Sample
ac4379f4aede9df2bda5e1d8afe6d7496bc9c401b9d1002da418f1766a389b25.exe
Resource
win10-20230220-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
spora
176.113.115.145:4125
-
auth_value
441b39ab37774b2ca9931c31e1bc6071
Targets
-
-
Target
ac4379f4aede9df2bda5e1d8afe6d7496bc9c401b9d1002da418f1766a389b25
-
Size
658KB
-
MD5
11706b96882d6a39e32b9788833983ee
-
SHA1
7e957cceffc9bc9230b6aeb66c120592461c3c5c
-
SHA256
ac4379f4aede9df2bda5e1d8afe6d7496bc9c401b9d1002da418f1766a389b25
-
SHA512
c5b91ffeae8b809ee0361fcb8773b4d8e2d627810c7765e816d0044f3b4ccb69adb81f1317144ac9d9622511283c2aaa0ace390a208e5cc3ec89cf6795085f92
-
SSDEEP
12288:VMruy90GCNDipXkQLgJf8EgRtDXZQ85G3Sx644MzWKDk8vqhr:/yhgipXkIkFgRtzayx74FKKp
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-