General
Target: d394d0348a02f02356c5ddf6e0a05016c55a1b663d784b999bd7d75287301f32
Size: 659KB
Sample: 230403-2dwfgadc6z
MD5: 72e566cdbfbac0f1594673727194bf6e
SHA1: 0f365c3902f4ae7340a16c105465ee53f362ae64
SHA256: d394d0348a02f02356c5ddf6e0a05016c55a1b663d784b999bd7d75287301f32
SHA512: f5777ea8515587471f23f44c3ee3b02bb43549c5ca425211bbad4cd3ce39315bbf7fe4083dbf761a06c4b8d74bfdf3e6b5174f4e3b00ac50ab52987da5eb9362
SSDEEP: 12288:ZMrQy90EqikwOr3ow1mbdW2GUdQ1KNt59lrwAVmCoDlft/ju+znBlI:9y7kwc3Vms8Ht5vTVXoRBxBC
Static task: static1
Behavioral task: behavioral1
Sample: d394d0348a02f02356c5ddf6e0a05016c55a1b663d784b999bd7d75287301f32.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
Family: redline
Botnet: spora
C2: 176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071
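Both extracted configs point at the same C2 endpoint and differ only in botnet name and auth_value, so the network indicator worth hunting on is the host:port pair. The script below is an added example, not part of the sandbox report or of any RedLine tooling: it parses the flattened "Extracted" blocks exactly as they are laid out above, then matches the resulting C2 set against connection-log lines. The conn.log lines are constructed for illustration and are not traffic from this run; the Zeek-like column order (ts, src ip, src port, dst ip, dst port, proto) is an assumption of the example.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed copy of the two "Extracted" RedLine config blocks from the report,
# in the same flattened layout (family, botnet name, C2 host:port, auth_value).
REPORT_CONFIG = """\
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
spora
176.113.115.145:4125
-
auth_value
441b39ab37774b2ca9931c31e1bc6071
"""

# Constructed Zeek-style conn.log lines (ts, src ip, src port, dst ip, dst port, proto),
# tab-separated. Illustrative only; not traffic observed in the sandbox run.
SAMPLE_CONN_LOG = (
    "1680560000.1\t10.0.0.12\t51234\t142.250.74.46\t443\ttcp\n"
    "1680560001.4\t10.0.0.12\t51235\t176.113.115.145\t4125\ttcp\n"
    "1680560002.0\t10.0.0.15\t40001\t176.113.115.145\t80\ttcp\n"
    "1680560003.7\t10.0.0.12\t51236\t8.8.8.8\t53\tudp\n"
)


@dataclass(frozen=True)
class RedLineConfig:
    family: str
    botnet: str
    c2_host: str
    c2_port: int
    auth_value: str


def parse_report_configs(text: str) -> list[RedLineConfig]:
    """Parse flattened 'Extracted' blocks; lone '-' lines are layout residue and skipped."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip() and ln.strip() != "-"]
    configs: list[RedLineConfig] = []
    i = 0
    while i < len(lines):
        if lines[i] != "Extracted":
            i += 1
            continue
        family, botnet, c2 = lines[i + 1], lines[i + 2], lines[i + 3]
        host, port = c2.rsplit(":", 1)
        if lines[i + 4] != "auth_value":
            raise ValueError(f"unexpected layout at entry {i + 4}: {lines[i + 4]!r}")
        configs.append(RedLineConfig(family, botnet, host, int(port), lines[i + 5]))
        i += 6
    return configs


def c2_hits(conn_log: str, configs: list[RedLineConfig]) -> dict[str, list[tuple[str, str, str]]]:
    """Match connections against the extracted C2 endpoints.

    'exact'     = destination host:port equals an extracted C2 (high confidence).
    'host_only' = same host, different port; lower confidence, but the same
                  operator may reuse the host on another port, so surface it.
    """
    exact = {(c.c2_host, c.c2_port) for c in configs}
    hosts = {c.c2_host for c in configs}
    hits: dict[str, list[tuple[str, str, str]]] = {"exact": [], "host_only": []}
    for ln in conn_log.splitlines():
        ts, src, _sport, dst, dport, _proto = ln.split("\t")
        if (dst, int(dport)) in exact:
            hits["exact"].append((ts, src, f"{dst}:{dport}"))
        elif dst in hosts:
            hits["host_only"].append((ts, src, f"{dst}:{dport}"))
    return hits


if __name__ == "__main__":
    cfgs = parse_report_configs(REPORT_CONFIG)
    for c in cfgs:
        print(f"{c.family} botnet={c.botnet} c2={c.c2_host}:{c.c2_port} auth_value={c.auth_value}")
    for kind, rows in c2_hits(SAMPLE_CONN_LOG, cfgs).items():
        for ts, src, dst in rows:
            print(f"[{kind}] {ts} {src} -> {dst}")
```

The host-only bucket is deliberately separate from the exact match: a connection to 176.113.115.145 on port 80 is not proof of RedLine beaconing, but it is the kind of lead an analyst wants listed rather than silently dropped.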
Targets
Target: d394d0348a02f02356c5ddf6e0a05016c55a1b663d784b999bd7d75287301f32
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
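The "Executes dropped EXE" and "Adds Run key to start application" signatures together describe the persistence pattern to look for on an endpoint: a process running from a user-writable directory writes a Run value whose command also points into a user-writable directory. The script below is an added example, not part of the sandbox report or of any vendor tooling: it runs that logic over Sysmon Event ID 13 (RegistryEvent: Value Set) records. The records are constructed for illustration, flattened to `|`-separated key=value pairs rather than the real XML, and are not telemetry from this run; the path and value names in them are invented.

```python
from __future__ import annotations
import re

# Constructed Sysmon Event ID 13 (RegistryEvent: Value Set) records, flattened to
# '|'-separated key=value pairs. Illustrative only; not telemetry from the run above.
SAMPLE_SYSMON = r"""
EventID=13|Image=C:\Windows\System32\svchost.exe|TargetObject=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth|Details=C:\Windows\System32\SecurityHealthSystray.exe
EventID=13|Image=C:\Users\Admin\AppData\Local\Temp\installer.exe|TargetObject=HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater|Details=C:\Users\Admin\AppData\Roaming\Updater\updater.exe
EventID=13|Image=C:\Program Files\Vendor\setup.exe|TargetObject=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorAgent|Details="C:\Program Files\Vendor\agent.exe" --tray
EventID=13|Image=C:\Users\Admin\AppData\Local\Temp\installer.exe|TargetObject=HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden|Details=DWORD (0x00000001)
"""

# Autostart value under Run or RunOnce (the value name is the last path component).
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.I)

# Directories an unprivileged user (and therefore a dropped payload) can write to.
USER_WRITABLE = re.compile(
    r"\\Users\\[^\\]+\\(AppData|Downloads|Desktop|Documents)\\"
    r"|\\Users\\Public\\|\\ProgramData\\|\\Temp\\",
    re.I,
)


def parse_records(text: str) -> list[dict[str, str]]:
    """Turn the flattened key=value lines into dicts; blank lines are ignored."""
    records = []
    for ln in text.splitlines():
        if not ln.strip():
            continue
        records.append(dict(field.split("=", 1) for field in ln.split("|")))
    return records


def find_run_key_persistence(text: str) -> list[dict]:
    """Return every Run/RunOnce value set, rated 'high' when the autostart target
    or the process writing it lives in a user-writable directory."""
    findings = []
    for rec in parse_records(text):
        if rec.get("EventID") != "13" or not RUN_KEY.search(rec["TargetObject"]):
            continue
        reasons = []
        if USER_WRITABLE.search(rec["Details"]):
            reasons.append("autostart target lives in a user-writable directory")
        if USER_WRITABLE.search(rec["Image"]):
            reasons.append("Run value written by a process running from a user-writable directory")
        findings.append({
            "hive": rec["TargetObject"].split("\\", 1)[0],
            "value_name": rec["TargetObject"].rsplit("\\", 1)[1],
            "command": rec["Details"],
            "writer": rec["Image"],
            "severity": "high" if reasons else "info",
            "reasons": reasons,
        })
    return findings


if __name__ == "__main__":
    for f in find_run_key_persistence(SAMPLE_SYSMON):
        print(f"[{f['severity']}] {f['hive']}\\...\\Run\\{f['value_name']} -> {f['command']}")
        for r in f["reasons"]:
            print(f"    {r}")
```

Legitimate Run values written by system or Program Files binaries still come back, tagged info, so the analyst has the full autostart picture; only the entries that match the dropped-EXE-plus-Run-key pattern are raised to high.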