General
Target: b49df9dc678df4be353a37c25cfbc13ef60c47fa2d0b8d29fa75a9093d7208b2
Size: 522KB
Sample: 230403-wjhtnsaa61
MD5: 37082f0dfa46dacabd87d50991b62ba5
SHA1: 480f25ab1bae9d24c1c6bad0cb9781274280cc76
SHA256: b49df9dc678df4be353a37c25cfbc13ef60c47fa2d0b8d29fa75a9093d7208b2
SHA512: d2b5e4d6f33d3c751ec8ce3ee4986fc4bc7e090a970e5f07cdb89d0dd6dd04517e9e0b20399af4c97d47f4d6eae572d61f095e4995f570066c39979fbb633b2b
SSDEEP: 12288:DMr1y90zNgxT56rPjy1K8Y7VFVbsdrLiuG:Gyeo6rO1wxF9sd6j
Static task: static1
Behavioral task: behavioral1
Sample: b49df9dc678df4be353a37c25cfbc13ef60c47fa2d0b8d29fa75a9093d7208b2.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
Botnet: spora
C2: 176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Signatures:
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.