General
Target: 113c12c7de1ef19c740b138f7d8d4cba36571d55e64b24647ee9a0e141798ae6
Size: 660KB
Sample: 230403-v6jh2shh7t
MD5: 08fe22a71d36305a0ad6a23137fcfed3
SHA1: 7b3a38473101a6fa74169c631eddc4dbaf6e0f09
SHA256: 113c12c7de1ef19c740b138f7d8d4cba36571d55e64b24647ee9a0e141798ae6
SHA512: 5d284e34e10d1e1aec69981e78ba525860e048ad2a8048bad9d38d9909e1e34dcf666053c3d35a98730052019ef8977148095b22dd592f9da0002db0482a28da
SSDEEP: 12288:+MrWy90mr9kVxw30vSThLRPALUcv649rPZIKoCY0jsyrLiuiXaWPPc2AhA:cyfrwBshLRk6GtFYysy6uiX5EPK
Static task: static1
Behavioral task: behavioral1
Sample: 113c12c7de1ef19c740b138f7d8d4cba36571d55e64b24647ee9a0e141798ae6.exe
Resource: win10-20230220-en
Malware Config
Extracted: redline
  rosn
  176.113.115.145:4125
  auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
  spora
  176.113.115.145:4125
  auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
Target: 113c12c7de1ef19c740b138f7d8d4cba36571d55e64b24647ee9a0e141798ae6
Size: 660KB
MD5: 08fe22a71d36305a0ad6a23137fcfed3
SHA1: 7b3a38473101a6fa74169c631eddc4dbaf6e0f09
SHA256: 113c12c7de1ef19c740b138f7d8d4cba36571d55e64b24647ee9a0e141798ae6
SHA512: 5d284e34e10d1e1aec69981e78ba525860e048ad2a8048bad9d38d9909e1e34dcf666053c3d35a98730052019ef8977148095b22dd592f9da0002db0482a28da
SSDEEP: 12288:+MrWy90mr9kVxw30vSThLRPALUcv649rPZIKoCY0jsyrLiuiXaWPPc2AhA:cyfrwBshLRk6GtFYysy6uiX5EPK

Signatures
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.