General
- Target: 648279a38326bfff459824a595721bd0c07da3ad3f7edd6db165b68bd273021d
- Size: 659KB
- Sample: 230403-vxfe2aga97
- MD5: fc84bce3a9b5c417bd7dcd0435ac4419
- SHA1: c43beccea4026c225f57352add161671549dcb4a
- SHA256: 648279a38326bfff459824a595721bd0c07da3ad3f7edd6db165b68bd273021d
- SHA512: 038ad835278acf5240beefe1273c7325e3c513892081532bbdcc0df94391b5d698c872770444f81b253ec7751985d4206009c991bb04472f91f4df96c102f07a
- SSDEEP: 12288:5Mroy90f+NiPozy2LCWnJFwemZ09sXrLifi+aWPE1I4PO:dyA+NRrLfnfw7ZksX6fi+5gI4G
Static task: static1
Behavioral task: behavioral1
- Sample: 648279a38326bfff459824a595721bd0c07da3ad3f7edd6db165b68bd273021d.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted config 1
- Family: redline
- Botnet: rosn
- C2: 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted config 2
- Family: redline
- Botnet: spora
- C2: 176.113.115.145:4125
- auth_value: 441b39ab37774b2ca9931c31e1bc6071
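Both extracted configurations point at the same C2 endpoint and differ only in botnet id and auth_value, so the single ip:port pair is the network IOC to hunt for. As an added example (not part of the sandbox report or the RedLine code), the Python below turns the extracted C2 into a flow match and runs it over a few constructed firewall log lines in a hypothetical key=value format; the log format, the internal 10.0.0.0/8 addresses and the high/medium severity tiers are assumptions.

```python
"""Match firewall flows against the C2 endpoint extracted from the RedLine configs."""
import ipaddress
import re

# Configs as extracted on this page (botnet id, C2, auth_value).
REDLINE_CONFIGS = [
    {"botnet": "rosn", "c2": "176.113.115.145:4125", "auth_value": "050a19e1db4d0024b0f23b37dcf961f4"},
    {"botnet": "spora", "c2": "176.113.115.145:4125", "auth_value": "441b39ab37774b2ca9931c31e1bc6071"},
]


def c2_endpoints(configs):
    """Return {(ip, port)} from the configs, rejecting anything that is not a literal ip:port."""
    endpoints = set()
    for cfg in configs:
        host, sep, port = cfg["c2"].rpartition(":")
        if not sep or not port.isdigit():
            raise ValueError(f"unexpected C2 format: {cfg['c2']!r}")
        ipaddress.ip_address(host)  # raises ValueError if the host is not an IP literal
        endpoints.add((host, int(port)))
    return endpoints


# Constructed firewall log lines for the demo (hypothetical format, not sandbox output).
SAMPLE_LOGS = """
2023-04-03T10:15:02Z fw ALLOW src=10.0.0.23:51344 dst=176.113.115.145:4125 proto=tcp
2023-04-03T10:15:05Z fw ALLOW src=10.0.0.23:51345 dst=142.250.74.78:443 proto=tcp
2023-04-03T10:15:09Z fw ALLOW src=10.0.0.41:49200 dst=176.113.115.145:443 proto=tcp
2023-04-03T10:16:10Z fw DENY src=10.0.0.23:51350 dst=176.113.115.145:4125 proto=tcp
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) \S+ (?P<action>ALLOW|DENY) src=(?P<src>\S+) "
    r"dst=(?P<dst_ip>[^:\s]+):(?P<dst_port>\d+) proto=(?P<proto>\w+)$"
)


def find_c2_hits(log_text, configs):
    """Flag flows to the configured C2.

    An exact ip:port match is 'high'; the same host on another port is 'medium'
    (same infrastructure, different service). Denied flows are reported too: a
    blocked connection attempt still identifies an infected source host.
    """
    endpoints = c2_endpoints(configs)
    c2_hosts = {ip for ip, _ in endpoints}
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip blank or unparseable lines
        dst = (m["dst_ip"], int(m["dst_port"]))
        if dst in endpoints:
            severity = "high"
        elif dst[0] in c2_hosts:
            severity = "medium"
        else:
            continue
        hits.append({"ts": m["ts"], "src": m["src"], "dst": f"{dst[0]}:{dst[1]}",
                     "action": m["action"], "severity": severity})
    return hits


def infected_hosts(hits):
    """Distinct internal source IPs (ephemeral port stripped) that contacted the C2."""
    return sorted({h["src"].rpartition(":")[0] for h in hits})


if __name__ == "__main__":
    hits = find_c2_hits(SAMPLE_LOGS, REDLINE_CONFIGS)
    for h in hits:
        print(h)
    print("hosts to isolate:", infected_hosts(hits))
```

The auth_value is a per-build token carried in the config rather than on the wire in a form a firewall would see, so the network match keys only on the endpoint; the two botnet ids matter when correlating which build a given victim is running.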
Targets
- Target: 648279a38326bfff459824a595721bd0c07da3ad3f7edd6db165b68bd273021d
- Size: 659KB
- MD5: fc84bce3a9b5c417bd7dcd0435ac4419
- SHA1: c43beccea4026c225f57352add161671549dcb4a
- SHA256: 648279a38326bfff459824a595721bd0c07da3ad3f7edd6db165b68bd273021d
- SHA512: 038ad835278acf5240beefe1273c7325e3c513892081532bbdcc0df94391b5d698c872770444f81b253ec7751985d4206009c991bb04472f91f4df96c102f07a
- SSDEEP: 12288:5Mroy90f+NiPozy2LCWnJFwemZ09sXrLifi+aWPE1I4PO:dyA+NRrLfnfw7ZksX6fi+5gI4G
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
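The Run-key write, the Uninstall-key lookups and the wallet file access are the behaviours an analyst would want to recognise in their own telemetry. As an added example, not from the report or the sandbox, the Python below classifies a constructed API trace (hypothetical `<pid> <api> <target>` format) into those three signatures per process. The trace lines, the process IDs, the GUID under Uninstall and the list of wallet directories are assumptions.

```python
"""Classify registry and file API calls into the behavioural signatures listed above."""
import re
from collections import defaultdict

# Constructed API-trace lines (hypothetical format, not sandbox output).
SAMPLE_TRACE = r"""
4120 RegOpenKeyExW HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
4120 RegEnumKeyExW HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A1D3C5E-2B7F-4E90-9C31-5D6E7F8A9B0C}
4120 RegQueryValueExW HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A1D3C5E-2B7F-4E90-9C31-5D6E7F8A9B0C}\DisplayName
4120 RegSetValueExW HKCU\Software\Microsoft\Windows\CurrentVersion\Run value=Updater
4120 CreateFileW C:\Users\victim\AppData\Roaming\Exodus\exodus.wallet\seed.seco
4120 CreateFileW C:\Users\victim\AppData\Roaming\Electrum\wallets\default_wallet
4120 CreateFileW C:\Users\victim\AppData\Local\Temp\log.txt
3004 RegSetValueExW HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run value=SecurityHealth
"""

TRACE_RE = re.compile(r"^(?P<pid>\d+) (?P<api>\w+) (?P<target>.+)$")

REG_WRITE_APIS = {"RegSetValueExW", "RegSetValueExA", "RegCreateKeyExW", "RegCreateKeyExA"}
REG_READ_APIS = {"RegOpenKeyExW", "RegOpenKeyExA", "RegEnumKeyExW", "RegEnumKeyExA",
                 "RegQueryValueExW", "RegQueryValueExA"}
FILE_APIS = {"CreateFileW", "CreateFileA", "NtCreateFile"}

# Run/RunOnce under HKCU or HKLM, including the Wow6432Node view on 64-bit Windows.
RUN_KEY_RE = re.compile(
    r"\\Software\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\b", re.I)
UNINSTALL_RE = re.compile(
    r"\\Software\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)
# Wallet directories to watch (assumed list for the demo; extend from your own inventory).
WALLET_RE = re.compile(r"\\(Exodus|Electrum|Ethereum\\keystore)\\", re.I)


def triage_trace(trace_text):
    """Per-process tally of Run-key writes, Uninstall-key reads and wallet file opens."""
    findings = defaultdict(lambda: {"run_key_writes": [], "uninstall_lookups": 0, "wallet_files": []})
    for line in trace_text.splitlines():
        m = TRACE_RE.match(line)
        if not m:
            continue  # blank or unparseable line
        pid, api, target = int(m["pid"]), m["api"], m["target"]
        f = findings[pid]
        if api in REG_WRITE_APIS and RUN_KEY_RE.search(target):
            f["run_key_writes"].append(target)
        elif api in REG_READ_APIS and UNINSTALL_RE.search(target):
            f["uninstall_lookups"] += 1
        elif api in FILE_APIS and WALLET_RE.search(target):
            f["wallet_files"].append(target)
    return dict(findings)


def signatures(findings):
    """Map the tallies to the signature names used on this page, per process."""
    sigs = {}
    for pid, f in findings.items():
        names = []
        if f["run_key_writes"]:
            names.append("Adds Run key to start application")
        if f["uninstall_lookups"] >= 2:  # an open plus at least one enumeration or query
            names.append("Checks installed software on the system")
        if f["wallet_files"]:
            names.append("Accesses cryptocurrency files/wallets")
        sigs[pid] = names
    return sigs


if __name__ == "__main__":
    for pid, names in signatures(triage_trace(SAMPLE_TRACE)).items():
        print(pid, names)
```

The Uninstall-key enumeration is a read, which Sysmon does not record (its registry events cover key create/delete, value set and rename), so reproducing that signature outside a sandbox needs API-level tracing or a userland hook; the Run-key write, by contrast, shows up as a Sysmon registry value-set event and can be matched with the same RUN_KEY_RE.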