General
-
Target
a10929744db08997d1cdc307cd2883ceb80b1776383b518511f4040cc910b1a8
-
Size
522KB
-
Sample
230403-nlfs4aed24
-
MD5
ae1a3f0b8f8d4f1acfe98974379f6d5a
-
SHA1
f7aad6dc50ceeaf27015185eb7c2722d32bdcd3e
-
SHA256
a10929744db08997d1cdc307cd2883ceb80b1776383b518511f4040cc910b1a8
-
SHA512
071f4c35798e88a4419c1e367e29b229a892d053511d4b5738b98f5007fbbc1efb973f8be7d6b4a2839168d512be61111f3a308d351144a9db9676380ad70c04
-
SSDEEP
12288:jMrdy90o6mCTMsSWyb50323Xn7P3iqkcCrus:uyFs5450323XL3vC5
Static task
static1
Behavioral task
behavioral1
Sample
a10929744db08997d1cdc307cd2883ceb80b1776383b518511f4040cc910b1a8.exe
Resource
win10-20230220-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
spora
176.113.115.145:4125
-
auth_value
441b39ab37774b2ca9931c31e1bc6071
Targets
-
-
Target
a10929744db08997d1cdc307cd2883ceb80b1776383b518511f4040cc910b1a8
-
Size
522KB
-
MD5
ae1a3f0b8f8d4f1acfe98974379f6d5a
-
SHA1
f7aad6dc50ceeaf27015185eb7c2722d32bdcd3e
-
SHA256
a10929744db08997d1cdc307cd2883ceb80b1776383b518511f4040cc910b1a8
-
SHA512
071f4c35798e88a4419c1e367e29b229a892d053511d4b5738b98f5007fbbc1efb973f8be7d6b4a2839168d512be61111f3a308d351144a9db9676380ad70c04
-
SSDEEP
12288:jMrdy90o6mCTMsSWyb50323Xn7P3iqkcCrus:uyFs5450323XL3vC5
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-