General
- Target: 793dfa266486dc38f9c77d559a9a8f4d34ae7a46f5d732162621a3d3bfd6b109
- Size: 521KB
- Sample: 230403-vf811shg2x
- MD5: 0522b4860ed134153eb0f60d72bd5a08
- SHA1: caeb30d69e3ddd210ed15510f923412fbaf08202
- SHA256: 793dfa266486dc38f9c77d559a9a8f4d34ae7a46f5d732162621a3d3bfd6b109
- SHA512: 19bb5b8673eb76f292ed013c5c7997f54bde3c8a9d855d015fff9a137f17d568c260b11ddd56cdd3c490b188c2ec759074ad67631be7aaf620a3f3f5717863a0
- SSDEEP: 12288:BMr6y90kiNAu4G2kL/A/5AbCsCrLiiyouSmNO3:jyX8AkL4hAGsC6iyo8NO3
Static task: static1
Behavioral task: behavioral1
- Sample: 793dfa266486dc38f9c77d559a9a8f4d34ae7a46f5d732162621a3d3bfd6b109.exe
- Resource: win10v2004-20230221-en
Malware Config
Extracted: redline
- rosn
- 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
- spora
- 176.113.115.145:4125
- auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
- Target: 793dfa266486dc38f9c77d559a9a8f4d34ae7a46f5d732162621a3d3bfd6b109
- Size: 521KB
- MD5: 0522b4860ed134153eb0f60d72bd5a08
- SHA1: caeb30d69e3ddd210ed15510f923412fbaf08202
- SHA256: 793dfa266486dc38f9c77d559a9a8f4d34ae7a46f5d732162621a3d3bfd6b109
- SHA512: 19bb5b8673eb76f292ed013c5c7997f54bde3c8a9d855d015fff9a137f17d568c260b11ddd56cdd3c490b188c2ec759074ad67631be7aaf620a3f3f5717863a0
- SSDEEP: 12288:BMr6y90kiNAu4G2kL/A/5AbCsCrLiiyouSmNO3:jyX8AkL4hAGsC6iyo8NO3
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.