General
Target: 87aab2f72bf937effb2117d6abc3c7f7d4a974541944e74c2b23d2913de963fa
Size: 660KB
Sample: 230403-w9ceksge38
MD5: 06bf359b7fd60464937518cec4461fa0
SHA1: d58143261aa89af3fe02a1dd86c2ce0f67d84b07
SHA256: 87aab2f72bf937effb2117d6abc3c7f7d4a974541944e74c2b23d2913de963fa
SHA512: f4bfa347a76e5599e6553b5c87da8e7bb53c10eeab56dad8caabb3d27bb899589ca70d91f6469da0c0f8909b30b33e22a9e82b7ca6e1a5338ad8ef511f533a96
SSDEEP: 12288:lMr8y901J+T/OX3hakXR0HQOZz0CUIyG7MTFE3YgZSJ0En0l6SsySo6+xjn:ByIc/OX3hdB4vUnGQFE3YDJ05sSsyfVL
Static task: static1
Behavioral task: behavioral1
Sample: 87aab2f72bf937effb2117d6abc3c7f7d4a974541944e74c2b23d2913de963fa.exe
Resource: win10-20230220-en
Malware Config
Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
Family: redline
Botnet: spora
C2: 176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071
Both extracted configs point at the same C2 socket (176.113.115.145:4125); only the botnet ID and the auth_value differ, so one network indicator covers both.
Targets
Target: 87aab2f72bf937effb2117d6abc3c7f7d4a974541944e74c2b23d2913de963fa
Size and hashes (MD5, SHA1, SHA256, SHA512, SSDEEP) are identical to those listed under General above: the only target is the submitted executable itself.
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Signatures
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application (persistence through a CurrentVersion\Run value)
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext (typically part of process hollowing: the entry point of a suspended child is redirected into injected code)
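The signatures above are behaviour matches the sandbox produced from its API trace. As an added example (not the sandbox's own detection code), the Python below replays a constructed API-call trace in a simplified "pid api key=value ..." form and maps it onto the same signatures, including a "C2 contact" match against the socket from the extracted configs. Every line of TRACE and the trace format itself are constructed for this illustration; only the C2 socket comes from the report. The hollowing rule shows why SetThreadContext alone is merely "suspicious": it is only counted when it follows a write into a child created suspended and is followed by ResumeThread.

```python
"""Replay a sandbox API trace against the behaviours listed in the report.

Added example, not tooling from the sandbox vendor. The trace format
("pid api key=value ...") and every line of TRACE are constructed for
this illustration; only the C2 socket comes from the report.
"""
import re
from collections import defaultdict

# Both extracted configs ("rosn" and "spora") share this C2 socket.
REPORTED_C2 = {("176.113.115.145", 4125)}

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit used by process hollowing

# Wallet locations commonly targeted by stealers (constructed, not exhaustive).
WALLET_PATTERNS = [r"\\Exodus\\", r"\\Electrum\\", r"\\Ethereum\\keystore", r"wallet\.dat$"]

# Constructed trace: parent 4120 hollows a RegAsm.exe child, which then
# enumerates Uninstall, reads wallets, drops and runs updater.exe, and calls home.
TRACE = r"""
4120 CreateProcessW path=C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe flags=0x4 newpid=4300
4120 WriteProcessMemory target_pid=4300 size=0x8a000
4120 SetThreadContext target_pid=4300
4120 ResumeThread target_pid=4300
4300 RegOpenKeyExW key=HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer
4300 RegOpenKeyExW key=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
4300 RegEnumKeyExW key=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall index=0
4300 CreateFileW path=C:\Users\victim\AppData\Roaming\Exodus\exodus.wallet\seed.seco access=GENERIC_READ
4300 CreateFileW path=C:\Users\victim\AppData\Roaming\Electrum\wallets\default_wallet access=GENERIC_READ
4300 CreateFileW path=C:\Users\victim\AppData\Roaming\updater.exe access=GENERIC_WRITE
4300 RegSetValueExW key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run value=updater data=C:\Users\victim\AppData\Roaming\updater.exe
4300 CreateProcessW path=C:\Users\victim\AppData\Roaming\updater.exe flags=0x0 newpid=4500
4300 connect ip=176.113.115.145 port=4125
"""

LINE_RE = re.compile(r"^(\d+)\s+(\w+)\s*(.*)$")
ARG_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")  # values may contain spaces


def parse_trace(text):
    """Turn the textual trace into a list of event dicts."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank or unrecognised line
        pid, api, args = m.groups()
        events.append({"pid": int(pid), "api": api, **dict(ARG_RE.findall(args))})
    return events


def detect(events, known_c2=REPORTED_C2):
    """Map trace events to the report's signatures; returns {signature: [evidence, ...]}."""
    hits = defaultdict(list)
    dropped = set()      # files this trace wrote, for "Executes dropped EXE"
    suspended = {}       # (parent, child) -> hollowing progress

    for ev in events:
        pid, api = ev["pid"], ev["api"]
        if api.startswith("CreateProcess"):
            path = ev.get("path", "")
            if path.lower() in dropped:
                hits["Executes dropped EXE"].append(path)
            if int(ev.get("flags", "0"), 16) & CREATE_SUSPENDED:
                suspended[(pid, int(ev["newpid"]))] = {"written": False, "context": False}
        elif api == "WriteProcessMemory":
            state = suspended.get((pid, int(ev["target_pid"])))
            if state:
                state["written"] = True
        elif api == "SetThreadContext":
            state = suspended.get((pid, int(ev["target_pid"])))
            # Only count it after memory was written into the suspended child:
            # that ordering is what separates hollowing from ordinary debugger use.
            if state and state["written"]:
                state["context"] = True
        elif api == "ResumeThread":
            state = suspended.pop((pid, int(ev["target_pid"])), None)
            if state and state["context"]:
                hits["Suspicious use of SetThreadContext"].append(
                    f"pid {pid} hollowed child {ev['target_pid']}")
        elif api.startswith("RegSetValueEx") and re.search(r"\\CurrentVersion\\Run$", ev.get("key", ""), re.I):
            hits["Adds Run key to start application"].append(f"{ev.get('value')} -> {ev.get('data')}")
        elif api.startswith(("RegOpenKeyEx", "RegEnumKeyEx")) and re.search(r"\\CurrentVersion\\Uninstall", ev.get("key", ""), re.I):
            hits["Checks installed software on the system"].append(f"{api} {ev['key']}")
        elif api.startswith("CreateFile"):
            path = ev.get("path", "")
            if "GENERIC_WRITE" in ev.get("access", ""):
                dropped.add(path.lower())
            if any(re.search(p, path, re.I) for p in WALLET_PATTERNS):
                hits["Accesses cryptocurrency files/wallets"].append(path)
        elif api == "connect" and (ev.get("ip"), int(ev.get("port", 0))) in known_c2:
            hits["RedLine C2 contact"].append(f"{ev['ip']}:{ev['port']}")
    return dict(hits)


if __name__ == "__main__":
    for sig, evidence in detect(parse_trace(TRACE)).items():
        print(f"[{sig}]")
        for item in evidence:
            print("   ", item)
```

Run as-is it reports six signatures for the constructed trace. Feeding it a trace where SetThreadContext is called on a suspended child without a preceding WriteProcessMemory produces no hollowing hit, which is the false-positive case (debuggers, some installers) the ordering check is there to avoid.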