General

Target: 50d3d57bac15cc203de2dda24602d18dbdc3d6652bd5bed67b5ea1c1175c714c
Size: 659KB
Sample: 230403-waq4pagb95
MD5: 274d9286d0a05bb7b4b5267713fa3f7e
SHA1: 9c1c913604fd863e1fc9875bdfee0806ad2cac10
SHA256: 50d3d57bac15cc203de2dda24602d18dbdc3d6652bd5bed67b5ea1c1175c714c
SHA512: c62c85cc826ece258c99c25eb90882bd947a935686bea07b5042186f2ed730469026023333507d5f9e9e80a90cedef273a12f80fa660573b7ac3aeb63a7ce410
SSDEEP: 12288:sMr0y90jwdRogG9Fs5q6yuey6ZpAA9fw10oyeS6njH07scrLiyitaWP+omsuF:AyQB5A5q6yuB6ZJd5IHOsc6yit5+suF
Static task: static1
Behavioral task: behavioral1
Sample: 50d3d57bac15cc203de2dda24602d18dbdc3d6652bd5bed67b5ea1c1175c714c.exe
Resource: win10v2004-20230220-en
Malware Config

Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted
Family: redline
Botnet: spora
C2: 176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets

Target: 50d3d57bac15cc203de2dda24602d18dbdc3d6652bd5bed67b5ea1c1175c714c (659KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.