General
- Target: a9be279f79aae8d9ed9e7243da35f07104a527d6ce6e3a6c50ce776eac1f7365
- Size: 659KB
- Sample: 230403-whx7zagc59
- MD5: 80a117fe6f37fa237aac19e0079799d4
- SHA1: e72188a927a5f7ca073a8e51cbb551f5f697fdfd
- SHA256: a9be279f79aae8d9ed9e7243da35f07104a527d6ce6e3a6c50ce776eac1f7365
- SHA512: f91dcb70f3061b7028ae7438278d0385cc9dd5723f97e8a3ff4d989997d4d716b381450fbed7656bc442507394a07d69a4728c168bdbb72624df07c3b97f698d
- SSDEEP: 12288:JMr6y905WtEKl7ZK2MWrqdPuYn7S+Jek+m5O75h0OscrLioiYaWPzxNgl5CFF:byRZ1mNuYn7ScR+t9hDsc6oiY5zxNgkF
Static task: static1
Behavioral task: behavioral1
- Sample: a9be279f79aae8d9ed9e7243da35f07104a527d6ce6e3a6c50ce776eac1f7365.exe
- Resource: win10v2004-20230221-en
Malware Config
Extracted: redline
  rosn
  176.113.115.145:4125
  auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
  spora
  176.113.115.145:4125
  auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
- Target: a9be279f79aae8d9ed9e7243da35f07104a527d6ce6e3a6c50ce776eac1f7365
- Size: 659KB
- MD5: 80a117fe6f37fa237aac19e0079799d4
- SHA1: e72188a927a5f7ca073a8e51cbb551f5f697fdfd
- SHA256: a9be279f79aae8d9ed9e7243da35f07104a527d6ce6e3a6c50ce776eac1f7365
- SHA512: f91dcb70f3061b7028ae7438278d0385cc9dd5723f97e8a3ff4d989997d4d716b381450fbed7656bc442507394a07d69a4728c168bdbb72624df07c3b97f698d
- SSDEEP: 12288:JMr6y905WtEKl7ZK2MWrqdPuYn7S+Jek+m5O75h0OscrLioiYaWPzxNgl5CFF:byRZ1mNuYn7ScR+t9hDsc6oiY5zxNgkF
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.