General

Target: 38a0363b3f99d0f1b9ad60b6fd1f7d55ea64c14e2fe9904c637dccd43e873758
Size: 660KB
Sample: 230403-vrzxgshg7x
MD5: 392f938dbad42ea903b7219a3dd3c6cb
SHA1: abb2498dca7e21f6b661ac9d5ab8fec91a49d310
SHA256: 38a0363b3f99d0f1b9ad60b6fd1f7d55ea64c14e2fe9904c637dccd43e873758
SHA512: 675a9306ac93786c64bb1de2f7fc8c55102ce78d85d5a20856e463c5836727ec0b5b4b3db72d85bd9957a163eb12f1ac5238613a4e993c3aeb45cd50c66e7098
SSDEEP: 12288:tMrey908O1OysLYfpFEPm6G29jIXaUbjxpIU6c3xA0/sVrLi5ieaWPt++iypnO2j:Py9AYNzGUjOxp+UHhA+sV65ie5tLkI
Static task: static1
Behavioral task: behavioral1
Sample: 38a0363b3f99d0f1b9ad60b6fd1f7d55ea64c14e2fe9904c637dccd43e873758.exe
Resource: win10v2004-20230220-en
Malware Config

Extracted config 1
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted config 2
Family: redline
Botnet: spora
C2: 176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071

Both extracted configurations point at the same C2 endpoint (176.113.115.145:4125) and differ only in the botnet tag and auth_value, so the host:port pair is the single network indicator to block or hunt for; the auth_value strings are useful for clustering samples from the same campaign.
Targets

Target: 38a0363b3f99d0f1b9ad60b6fd1f7d55ea64c14e2fe9904c637dccd43e873758
Size: 660KB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General above (single-file submission, one target).
RedLine
RedLine Stealer is an information-stealing malware family written in C# (.NET), first seen in early 2020.

Signatures triggered by this target:
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application (persistence via HKCU/HKLM ...\CurrentVersion\Run)
- Checks installed software on the system: looks up Uninstall key entries in the registry (...\CurrentVersion\Uninstall) to enumerate installed software.
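The last three signatures above are behaviours a detection engineer can reproduce from host telemetry (Sysmon registry and file events, or a sandbox API trace). The following is an added example, not code from the Triage report or from RedLine itself: it runs three simple rules over a handful of constructed, Sysmon-like event lines (the process paths, PIDs and timestamps are made up for the example) and combines them, since Uninstall-key enumeration alone is also done by installers and inventory agents and is low-signal on its own. The wallet path markers are a short assumed list, not the set the sandbox signature uses.

```python
"""Detections for the three behaviours flagged on this sample: Run-key persistence,
Uninstall-key software enumeration and cryptocurrency wallet file access.
All event lines below are constructed for this example (not sandbox telemetry)."""
import re
from collections import defaultdict

# Constructed sample telemetry, pipe-delimited: timestamp|pid|image|operation|target.
# PID 4120 stands in for the dropped sample; PID 1552 is a benign process reading
# a single Uninstall entry, to show why a threshold is needed.
SAMPLE_EVENTS = [
    "2023-04-03T10:01:02|4120|C:\\Users\\Admin\\AppData\\Local\\Temp\\sample.exe|RegEnumKey|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Google Chrome",
    "2023-04-03T10:01:02|4120|C:\\Users\\Admin\\AppData\\Local\\Temp\\sample.exe|RegEnumKey|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip",
    "2023-04-03T10:01:02|4120|C:\\Users\\Admin\\AppData\\Local\\Temp\\sample.exe|RegEnumKey|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox",
    "2023-04-03T10:01:03|4120|C:\\Users\\Admin\\AppData\\Local\\Temp\\sample.exe|FileOpen|C:\\Users\\Admin\\AppData\\Roaming\\Bitcoin\\wallet.dat",
    "2023-04-03T10:01:04|4120|C:\\Users\\Admin\\AppData\\Local\\Temp\\sample.exe|RegSetValue|HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
    "2023-04-03T10:01:05|1552|C:\\Windows\\explorer.exe|RegOpenKey|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip",
]

# Run and RunOnce under HKCU or HKLM; a write here is the "Adds Run key" behaviour.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
# Captures the product subkey name under the Uninstall hive.
UNINSTALL_RE = re.compile(r"\\CurrentVersion\\Uninstall\\([^\\]+)", re.IGNORECASE)
# Assumed, abbreviated list of wallet file/directory markers (lower-case for matching).
WALLET_MARKERS = ("wallet.dat", "\\exodus\\", "\\electrum\\wallets", "\\ethereum\\keystore")


def parse_event(line):
    """Split one constructed telemetry line into a dict."""
    ts, pid, image, op, target = line.split("|", 4)
    return {"ts": ts, "pid": int(pid), "image": image, "op": op, "target": target}


def analyze(lines, enum_threshold=3):
    """Return {rule_name: [(pid, detail), ...]} for every rule that fired."""
    findings = defaultdict(list)
    uninstall_keys = defaultdict(set)  # pid -> distinct product subkeys touched
    for line in lines:
        ev = parse_event(line)
        target = ev["target"]
        # Persistence: any value write or key creation under Run/RunOnce.
        if ev["op"] in ("RegSetValue", "RegCreateKey") and RUN_KEY_RE.search(target):
            findings["persistence_run_key"].append((ev["pid"], target))
        # Discovery: count distinct Uninstall subkeys per process, flag only above threshold.
        m = UNINSTALL_RE.search(target)
        if m and ev["op"] in ("RegEnumKey", "RegOpenKey", "RegQueryValue"):
            uninstall_keys[ev["pid"]].add(m.group(1))
        # Credential/wallet access: file opens on known wallet locations.
        if ev["op"] in ("FileOpen", "FileRead") and any(mk in target.lower() for mk in WALLET_MARKERS):
            findings["wallet_access"].append((ev["pid"], target))
    for pid, keys in uninstall_keys.items():
        if len(keys) >= enum_threshold:
            findings["software_enumeration"].append((pid, sorted(keys)))
    return dict(findings)


def verdict(findings, min_rules=2):
    """Require at least two independent behaviours before calling the host suspicious,
    because Uninstall enumeration or a Run-key write alone is common in benign software."""
    return len(findings) >= min_rules


if __name__ == "__main__":
    result = analyze(SAMPLE_EVENTS)
    for rule, hits in result.items():
        print(rule, hits)
    print("suspicious:", verdict(result))
```

Running the block prints one line per rule that fired for PID 4120 and `suspicious: True`; explorer.exe's single Uninstall read stays below the threshold and is not reported. In production the same logic maps onto Sysmon Event IDs 12/13 (registry) and 11 or file-access events, and the threshold and wallet list would be tuned to the environment.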