General
- Target: b568344679aba1a25a64640bd89bb25bf801d9ea2a8d14b54337f4a74291bcec
- Size: 522KB
- Sample: 230403-whnzasgc57
- MD5: 01751d3179853405022593f1763a77c7
- SHA1: ea35dd19c9083c9585117730d6ea2cdcc52243c7
- SHA256: b568344679aba1a25a64640bd89bb25bf801d9ea2a8d14b54337f4a74291bcec
- SHA512: 0fb6944ca85221e47ef16c06d088f8e7a6cebf9fac86982098e3b91d1341917e987d8c6f31062d233d7855d3fb47f6325c338e301251e844e3f21879026f83ca
- SSDEEP: 12288:tMrNy903ZGqVSx0C/sZrLiFQDh1B8imBokn:QyAkj0ssZ6FQt1+iiLn
Static task: static1
Behavioral task: behavioral1
- Sample: b568344679aba1a25a64640bd89bb25bf801d9ea2a8d14b54337f4a74291bcec.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
- rosn
- 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
- spora
- 176.113.115.145:4125
- auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
- Target: b568344679aba1a25a64640bd89bb25bf801d9ea2a8d14b54337f4a74291bcec
- Size: 522KB
- MD5: 01751d3179853405022593f1763a77c7
- SHA1: ea35dd19c9083c9585117730d6ea2cdcc52243c7
- SHA256: b568344679aba1a25a64640bd89bb25bf801d9ea2a8d14b54337f4a74291bcec
- SHA512: 0fb6944ca85221e47ef16c06d088f8e7a6cebf9fac86982098e3b91d1341917e987d8c6f31062d233d7855d3fb47f6325c338e301251e844e3f21879026f83ca
- SSDEEP: 12288:tMrNy903ZGqVSx0C/sZrLiFQDh1B8imBokn:QyAkj0ssZ6FQt1+iiLn
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.