General
- Target: 08d1ef2a71ffa99ff213732801606c6a3dfefaaa561139c7136d2ae0b0469fb4
- Size: 522KB
- Sample: 230403-2c2wvsbd89
- MD5: 415bdbc25a00dce7b8868e12174896f5
- SHA1: 275758ff209c15663a56444e43f9e8dd99d64218
- SHA256: 08d1ef2a71ffa99ff213732801606c6a3dfefaaa561139c7136d2ae0b0469fb4
- SHA512: 43344023588a09dae61c69c80a121b5d9b59585af11b889a517470c93cb44faafcf0967ff0d77ea4e6c36310e004c8f1fab1faa8a42f896956ef9c5d52770b66
- SSDEEP: 12288:2Mrjy905OQkitOvvTHxa/lpSkphC9JwwEP:lyxQorRadpSMY9FEP

Static task: static1
Behavioral task: behavioral1
- Sample: 08d1ef2a71ffa99ff213732801606c6a3dfefaaa561139c7136d2ae0b0469fb4.exe
- Resource: win10v2004-20230221-en
Malware Config
Extracted
- redline
- rosn
- 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
- redline
- spora
- 176.113.115.145:4125
- auth_value: 441b39ab37774b2ca9931c31e1bc6071
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.