General
Target: be76d720692578c6ee0c1b041ef2f481934c5569894b96e057c0f7686f7bc2bb
Size: 660KB
Sample: 230403-wgaehsaa5x
MD5: 7b5c7d729bdd8773181fef568f3c1a88
SHA1: 82746ad6a7e6bdca0afd7cc68adc3294834fca7b
SHA256: be76d720692578c6ee0c1b041ef2f481934c5569894b96e057c0f7686f7bc2bb
SHA512: 659b36fa0d8ade16d258a3a0ce42c627bf7f79a1bfd0eb7eaa2f93962a47754e88af36b9ade37d2023ad8464b7052ca9e287fdb33a3d304b9ba2fbe8c3becc7f
SSDEEP: 12288:AMrSy907Jb+y0aAdr42QnXOrO1SFVsMV0/sFrLiNi1aWP1r9IXtQ:iyyhSaH2QneyIFTV+sF6Ni151IQ
Static task: static1
Behavioral task: behavioral1
Sample: be76d720692578c6ee0c1b041ef2f481934c5569894b96e057c0f7686f7bc2bb.exe
Resource: win10-20230220-en
Malware Config
Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
Family: redline
Botnet: spora
C2: 176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071
Both extracted configurations point at the same C2 endpoint, 176.113.115.145:4125, and differ only in botnet ID and auth_value. The IP:port pair is the network indicator to hunt for; the botnet IDs and auth_values live inside the payload and are useful for clustering related samples rather than for network detection.
Targets
Target: be76d720692578c6ee0c1b041ef2f481934c5569894b96e057c0f7686f7bc2bb (660KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
RedLine
RedLine Stealer is an information-stealing malware family written in C#, first appearing in early 2020. It harvests browser credentials, cookies and cryptocurrency wallet data and reports to a configured C2.
Signatures
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application (persistence via HKCU or HKLM \Software\Microsoft\Windows\CurrentVersion\Run)
- Checks installed software on the system: looks up entries under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (and its Wow6432Node counterpart) to enumerate installed software.
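The following script turns the indicators and behaviours in this report (the file hashes, the shared C2 endpoint, and the dropped-EXE, Run-key, Uninstall-key and wallet-access signatures) into hunting logic run over endpoint telemetry. It is an added example, not part of the sandbox report. Only the hash and C2 constants come from the report; the event schema, the paths, the SID and the dropped-file name in SAMPLE_EVENTS are constructed for illustration and only loosely modelled on Sysmon process, network and registry events.

```python
"""Hunt for this report's RedLine indicators in endpoint telemetry.

Added example, not part of the sandbox report. The IOC constants are copied
from the report; everything else (the event schema, the paths, the SID, the
dropped-file name) is constructed for illustration and only loosely modelled
on Sysmon process/network/registry events.
"""
import re

# Indicators copied from the report (lowercase hex for comparison).
SAMPLE_HASHES = {
    "7b5c7d729bdd8773181fef568f3c1a88",                                  # MD5
    "82746ad6a7e6bdca0afd7cc68adc3294834fca7b",                          # SHA1
    "be76d720692578c6ee0c1b041ef2f481934c5569894b96e057c0f7686f7bc2bb",  # SHA256
}
C2 = ("176.113.115.145", 4125)  # shared by both extracted configs

# Behaviour markers matching the signatures the report fired.
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
UNINSTALL_KEY = re.compile(r"\\Software\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall", re.I)
WALLET_PATH = re.compile(r"\\(Exodus|Electrum|Ethereum|Armory|Atomic|Coinomi)\\|wallet\.dat$", re.I)
# RedLine runs from user-writable locations; the same registry activity from
# an installer under System32 or Program Files is normal and is not flagged.
USER_WRITABLE = re.compile(r"^[A-Z]:\\Users\\[^\\]+\\(AppData|Downloads|Desktop)\\", re.I)


def parse_hashes(field):
    """Turn a Sysmon-style 'SHA1=..,MD5=..,SHA256=..' string into lowercase digests."""
    return {part.split("=", 1)[1].lower() for part in field.split(",") if "=" in part}


def hunt(events):
    """Return (rule, event_index) for every indicator match, in event order.

    Events are walked in order so a child process of an already-flagged image
    can be attributed to it (the report's 'Executes dropped EXE').
    """
    hits = []
    malicious_images = set()
    for i, ev in enumerate(events):
        kind, image = ev["type"], ev.get("image", "")
        if kind == "process":
            if parse_hashes(ev.get("hashes", "")) & SAMPLE_HASHES:
                hits.append(("known_redline_sample", i))
                malicious_images.add(image.lower())
            elif ev.get("parent", "").lower() in malicious_images and USER_WRITABLE.match(image):
                hits.append(("executes_dropped_exe", i))
                malicious_images.add(image.lower())
        elif kind == "network" and (ev["dst_ip"], ev["dst_port"]) == C2:
            hits.append(("redline_c2_connection", i))
        elif kind == "reg_set" and RUN_KEY.search(ev["key"]) and USER_WRITABLE.match(ev.get("data", "")):
            hits.append(("run_key_persistence", i))
        elif kind == "reg_read" and UNINSTALL_KEY.search(ev["key"]) and USER_WRITABLE.match(image):
            hits.append(("installed_software_enum", i))
        elif kind == "file_read" and WALLET_PATH.search(ev["path"]):
            hits.append(("crypto_wallet_access", i))
    return hits


# Constructed telemetry: a user runs the sample, it drops a second EXE that
# persists via Run, enumerates installed software, reads a wallet and beacons.
SAMPLE_EXE = r"C:\Users\alice\Downloads\be76d720692578c6ee0c1b041ef2f481934c5569894b96e057c0f7686f7bc2bb.exe"
DROPPED_EXE = r"C:\Users\alice\AppData\Local\Temp\svc_update.exe"  # invented name
SAMPLE_EVENTS = [
    {"type": "process", "image": SAMPLE_EXE, "parent": r"C:\Windows\explorer.exe",
     "hashes": "SHA1=82746AD6A7E6BDCA0AFD7CC68ADC3294834FCA7B,"
               "MD5=7B5C7D729BDD8773181FEF568F3C1A88,"
               "SHA256=BE76D720692578C6EE0C1B041EF2F481934C5569894B96E057C0F7686F7BC2BB"},
    {"type": "process", "image": DROPPED_EXE, "parent": SAMPLE_EXE, "hashes": "SHA256=" + "0" * 64},
    {"type": "reg_set", "image": DROPPED_EXE, "data": DROPPED_EXE,
     "key": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\svc_update"},
    {"type": "reg_read", "image": DROPPED_EXE,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"type": "file_read", "image": DROPPED_EXE,
     "path": r"C:\Users\alice\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"type": "network", "image": DROPPED_EXE, "dst_ip": "176.113.115.145", "dst_port": 4125},
    # Benign noise that must not fire: an installer reading the same key, a browser on 443.
    {"type": "reg_read", "image": r"C:\Windows\System32\msiexec.exe",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"type": "network", "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "dst_ip": "93.184.216.34", "dst_port": 443},
]

if __name__ == "__main__":
    for rule, idx in hunt(SAMPLE_EVENTS):
        print(f"{rule:25} event[{idx}] {SAMPLE_EVENTS[idx]['image']}")
```

To run this against real data, map your Sysmon fields (Image, ParentImage, Hashes, DestinationIp/DestinationPort, TargetObject/Details) onto the constructed schema; registry reads are not logged by Sysmon and need an object-access audit source. The hash rule is exact and brittle by design (a repacked build changes every digest), which is why the behavioural rules are restricted to processes running from user-writable paths rather than fired on the registry or wallet activity alone.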