General
Target: 8db6614ed2a9a2bf941fa6ea3a7aeb309466bfe2ad8d86c55aa5902b249a5de7
Size: 659KB
Sample: 230403-1tstvafb89
MD5: 36b87ba71f8006717551eec759b12629
SHA1: ad968499cd932813633a773569b548b9dd3bb818
SHA256: 8db6614ed2a9a2bf941fa6ea3a7aeb309466bfe2ad8d86c55aa5902b249a5de7
SHA512: b4a142126111f255ee4d3d100bbe56c6adc07613c2fa77689dce0df2b36a8f98918e75eae7dc2d71f5871e459e0cff69b11af451645597e3b578cbc17ff60cc5
SSDEEP: 12288:qMr8y90ov/KEjqPUpHo0oupwAdGCDw549RgLTCB+2ft/juStREW:Sy7/FfxfDXELOBXB9UW
Static task: static1
Behavioral task: behavioral1
Sample: 8db6614ed2a9a2bf941fa6ea3a7aeb309466bfe2ad8d86c55aa5902b249a5de7.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
spora
176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
Target: 8db6614ed2a9a2bf941fa6ea3a7aeb309466bfe2ad8d86c55aa5902b249a5de7
Size: 659KB
MD5: 36b87ba71f8006717551eec759b12629
SHA1: ad968499cd932813633a773569b548b9dd3bb818
SHA256: 8db6614ed2a9a2bf941fa6ea3a7aeb309466bfe2ad8d86c55aa5902b249a5de7
SHA512: b4a142126111f255ee4d3d100bbe56c6adc07613c2fa77689dce0df2b36a8f98918e75eae7dc2d71f5871e459e0cff69b11af451645597e3b578cbc17ff60cc5
SSDEEP: 12288:qMr8y90ov/KEjqPUpHo0oupwAdGCDw549RgLTCB+2ft/juStREW:Sy7/FfxfDXELOBXB9UW
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.