General
Target: 35170fc31a3f664f88c26bee7b296763915bc0ada62fd634e0e79d57c0d3ca25
Size: 522KB
Sample: 230403-v7x3tshh7z
MD5: 15bcf1b15570e2afa023674e268ef672
SHA1: 42d1aba49c3f08311ae5e80db61595b82ee86ae7
SHA256: 35170fc31a3f664f88c26bee7b296763915bc0ada62fd634e0e79d57c0d3ca25
SHA512: 145eab98401445936e4eb560971966993b265e45f645d5b1afaefce83ea4e8b37ceff106bc27094334b92324d0efbd0f827482b5619f4c72fc73bf9c1a6eba44
SSDEEP: 12288:bMrdy90NUcDZdGE4B1cbsfrLiMdTWXsQAFIIUf:+yp71csf6Md2sQADI
Static task: static1
Behavioral task: behavioral1
Sample: 35170fc31a3f664f88c26bee7b296763915bc0ada62fd634e0e79d57c0d3ca25.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
  rosn
  176.113.115.145:4125
  auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
  spora
  176.113.115.145:4125
  auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.