General
Target: 05b7e2fd19ab5c1e95ef434153015d1841faa35a333bf728f9b11e0e8d6777af
Size: 522KB
Sample: 230403-1h6lkafh41
MD5: ef6732a82a5411e2a7c59687c065c969
SHA1: c62c7fb3509c3ab12f337005a958160a69d02afa
SHA256: 05b7e2fd19ab5c1e95ef434153015d1841faa35a333bf728f9b11e0e8d6777af
SHA512: f16005a199947645fa291b3272d08b4ee1edf0ed5c47d42feff1101d23500f9df25dbedb121c8c613d7037e45143992609370e34403e5f87f37b018b83b4a7f0
SSDEEP: 12288:qMrvy90nzQ/lITAmhzFhvnNN7zSO8TB4kTzWdwKyvxTX1NZ:1yKxr9FhvNNnkTqkOdEXfZ
Static task: static1
Behavioral task: behavioral1
Sample: 05b7e2fd19ab5c1e95ef434153015d1841faa35a333bf728f9b11e0e8d6777af.exe
Resource: win10-20230220-en
Malware Config
Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
Family: redline
Botnet: spora
C2: 176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
Target: 05b7e2fd19ab5c1e95ef434153015d1841faa35a333bf728f9b11e0e8d6777af
Size: 522KB
MD5: ef6732a82a5411e2a7c59687c065c969
SHA1: c62c7fb3509c3ab12f337005a958160a69d02afa
SHA256: 05b7e2fd19ab5c1e95ef434153015d1841faa35a333bf728f9b11e0e8d6777af
SHA512: f16005a199947645fa291b3272d08b4ee1edf0ed5c47d42feff1101d23500f9df25dbedb121c8c613d7037e45143992609370e34403e5f87f37b018b83b4a7f0
SSDEEP: 12288:qMrvy90nzQ/lITAmhzFhvnNN7zSO8TB4kTzWdwKyvxTX1NZ:1yKxr9FhvNNnkTqkOdEXfZ
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
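The two extracted configs share one C2 endpoint, and the signatures above describe three host behaviours (Run key persistence, Uninstall key enumeration, and the C2 connection) that can be correlated per process from endpoint telemetry. The script below is an added example, not part of the sandbox report and not RedLine code: it takes simplified Sysmon-style registry and network events, groups them by process, and tags a process that shows any of the three behaviours. The event format, process paths, PIDs, subkey names and the enumeration threshold of three distinct Uninstall subkeys are all assumptions constructed for the example; only the C2 host:port comes from the report.

```python
"""Correlate Run-key writes, Uninstall-key enumeration and the reported
RedLine C2 endpoint per process (added example; telemetry is constructed)."""
import re
from collections import defaultdict

# C2 endpoint from the report's two extracted configs (botnets rosn and
# spora both point at the same host:port).
C2_ENDPOINTS = {("176.113.115.145", 4125)}

# Registry paths behind the "Adds Run key" and "Checks installed software"
# signatures, matched case-insensitively against the full target path.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
UNINSTALL_KEY_RE = re.compile(
    r"\\Software\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\",
    re.I)

# Assumption: touching this many distinct Uninstall subkeys counts as
# enumeration; a single read is normal for installers and updaters.
UNINSTALL_ENUM_THRESHOLD = 3

# Constructed process paths and key prefixes (not from the sample).
STEALER = "C:\\Users\\user\\Desktop\\sample.exe"
MSIEXEC = "C:\\Windows\\System32\\msiexec.exe"
UNINST = "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\"
RUN = "HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\"

# Constructed telemetry: space-separated key=value lines loosely modelled on
# Sysmon event IDs 12 (registry key access), 13 (registry value set) and
# 3 (network connection). Values contain no spaces by construction.
SAMPLE_EVENTS = [
    "id=12 pid=4120 image=" + STEALER + " target=" + UNINST + "{0A1B2C3D-0000-4000-8000-000000000001}",
    "id=12 pid=4120 image=" + STEALER + " target=" + UNINST + "{0A1B2C3D-0000-4000-8000-000000000002}",
    "id=12 pid=4120 image=" + STEALER + " target=" + UNINST + "{0A1B2C3D-0000-4000-8000-000000000003}",
    "id=13 pid=4120 image=" + STEALER + " target=" + RUN + "Updater",
    "id=3 pid=4120 image=" + STEALER + " dst=176.113.115.145 dport=4125",
    "id=12 pid=2200 image=" + MSIEXEC + " target=" + UNINST + "{0A1B2C3D-0000-4000-8000-000000000001}",
    "id=3 pid=2200 image=" + MSIEXEC + " dst=192.0.2.10 dport=443",
]


def parse_event(line):
    """Turn 'k=v k=v ...' into a dict; values carry no spaces in this format."""
    return dict(token.split("=", 1) for token in line.split())


def analyse(lines):
    """Return {pid: [behaviour tags]} for every process showing at least one
    of the three behaviours; processes with none are left out."""
    state = defaultdict(lambda: {"run_values": [], "uninstall_keys": set(), "c2": []})
    for line in lines:
        ev = parse_event(line)
        s = state[ev["pid"]]
        s["image"] = ev["image"]
        target = ev.get("target", "")
        if ev["id"] == "13" and RUN_KEY_RE.search(target):
            s["run_values"].append(target)
        elif ev["id"] == "12" and UNINSTALL_KEY_RE.search(target):
            s["uninstall_keys"].add(target)
        elif ev["id"] == "3" and (ev["dst"], int(ev["dport"])) in C2_ENDPOINTS:
            s["c2"].append(ev["dst"] + ":" + ev["dport"])

    findings = {}
    for pid, s in state.items():
        tags = []
        if s["run_values"]:
            tags.append("persistence:run_key")
        if len(s["uninstall_keys"]) >= UNINSTALL_ENUM_THRESHOLD:
            tags.append("discovery:uninstall_enum")
        if s["c2"]:
            tags.append("c2:redline_config")
        if tags:
            findings[pid] = tags
    return findings


if __name__ == "__main__":
    for pid, tags in analyse(SAMPLE_EVENTS).items():
        print(pid, state_image := ", ".join(tags))
```

In the constructed data the stealer process (pid 4120) gets all three tags, while msiexec reads one Uninstall subkey and talks to an unrelated address and is not reported. The Run key write and the C2 match are high-confidence on their own; Uninstall enumeration alone is weak evidence, since legitimate inventory and update agents do the same, which is why it is combined with the other two rather than alerted in isolation.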