General
-
Target
9ff9f2815e5e47c3eb6bd8c7c9eba02558b51f862e1ad3877029efab57e97c0f
-
Size
522KB
-
Sample
230403-2cf96abd79
-
MD5
b820f3443cb7fdf2de750899ced17e90
-
SHA1
bde9d692f895e4b2ee86957f23e1f394fc550291
-
SHA256
9ff9f2815e5e47c3eb6bd8c7c9eba02558b51f862e1ad3877029efab57e97c0f
-
SHA512
614be10c268a7773ff1f0b523dd9c23cb6d348b8adc87c76c49e927afeb470cfac0d6266e66909f45dbc7d23c836dad999e296b5f8e9cc5625111cbdda450b1f
-
SSDEEP
6144:K2y+bnr+cp0yN90QERe8Q9kWWnZN2j6qW0YlIrABWD0320IhCWqClzxzF11l4d64:aMr8y90vnSm4rwWphC+JxFM68C7X4sa
Static task
static1
Behavioral task
behavioral1
Sample
9ff9f2815e5e47c3eb6bd8c7c9eba02558b51f862e1ad3877029efab57e97c0f.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
spora
176.113.115.145:4125
-
auth_value
441b39ab37774b2ca9931c31e1bc6071
Targets
-
-
Target
9ff9f2815e5e47c3eb6bd8c7c9eba02558b51f862e1ad3877029efab57e97c0f
-
Size
522KB
-
MD5
b820f3443cb7fdf2de750899ced17e90
-
SHA1
bde9d692f895e4b2ee86957f23e1f394fc550291
-
SHA256
9ff9f2815e5e47c3eb6bd8c7c9eba02558b51f862e1ad3877029efab57e97c0f
-
SHA512
614be10c268a7773ff1f0b523dd9c23cb6d348b8adc87c76c49e927afeb470cfac0d6266e66909f45dbc7d23c836dad999e296b5f8e9cc5625111cbdda450b1f
-
SSDEEP
6144:K2y+bnr+cp0yN90QERe8Q9kWWnZN2j6qW0YlIrABWD0320IhCWqClzxzF11l4d64:aMr8y90vnSm4rwWphC+JxFM68C7X4sa
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-