General
-
Target
0444aaf811001c658b8d94a317ed11c3316e9693cc30045eb5123bac2654f7fa
-
Size
522KB
-
Sample
230403-2l36aadc9z
-
MD5
98e16e756234f4229c02b6767297ca30
-
SHA1
1c5baff04206883d7bd04371629b9c8e16261f26
-
SHA256
0444aaf811001c658b8d94a317ed11c3316e9693cc30045eb5123bac2654f7fa
-
SHA512
794baf1458dde48a2c2fbdd29829ced7dd400cc212858195cacdd593d571030671bcd0197dc6984aed4823d302eecd1d77f2abc5ffca01feb8a355f812c5d178
-
SSDEEP
12288:YYMrty90Z8JgEfnu3zcqAbrw4khCbJUivpkw0Q:Yly/rGuDkYb2+f
Static task
static1
Behavioral task
behavioral1
Sample
0444aaf811001c658b8d94a317ed11c3316e9693cc30045eb5123bac2654f7fa.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
spora
176.113.115.145:4125
-
auth_value
441b39ab37774b2ca9931c31e1bc6071
Targets
-
-
Target
0444aaf811001c658b8d94a317ed11c3316e9693cc30045eb5123bac2654f7fa
-
Size
522KB
-
MD5
98e16e756234f4229c02b6767297ca30
-
SHA1
1c5baff04206883d7bd04371629b9c8e16261f26
-
SHA256
0444aaf811001c658b8d94a317ed11c3316e9693cc30045eb5123bac2654f7fa
-
SHA512
794baf1458dde48a2c2fbdd29829ced7dd400cc212858195cacdd593d571030671bcd0197dc6984aed4823d302eecd1d77f2abc5ffca01feb8a355f812c5d178
-
SSDEEP
12288:YYMrty90Z8JgEfnu3zcqAbrw4khCbJUivpkw0Q:Yly/rGuDkYb2+f
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-