General
Target: 3d5733b857b33f8ee08663dd182988f91d00be4187bd993329e5c33b0ed6953a
Size: 660KB
Sample: 230403-v9x6lshh9w
MD5: cd875867522fbc854dacfd8bf311d20f
SHA1: 479eb38628be2838b811261f9844d9950c161009
SHA256: 3d5733b857b33f8ee08663dd182988f91d00be4187bd993329e5c33b0ed6953a
SHA512: e00c883b80007f6e84f52f0bbd77471ae566067294ddb37ed175bd17b2a6cb1c4d3fe82ff75a452dc12a1d671c1b70799ac6178432a72e926f078ea4318729db
SSDEEP: 12288:UMrYy901t24CvmtqrIthiLRPAfQ5XI6q95BGfH0jskrLiLiJaWPe9CBS:syklCvmtqMTiLRYQ5460MHSsk6LiJ5e
Static task: static1
Behavioral task: behavioral1
Sample: 3d5733b857b33f8ee08663dd182988f91d00be4187bd993329e5c33b0ed6953a.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
Family: redline
Botnet: spora
C2: 176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
Target: 3d5733b857b33f8ee08663dd182988f91d00be4187bd993329e5c33b0ed6953a
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.