General
- Target: d283c8cb35f91c81cce6d907f4c468f46babe0ce74c6fb39e4e983da90176f4f
- Size: 521KB
- Sample: 230403-wnrblsgc89
- MD5: 274bf49fc6e14bf77afbbc5018b30f88
- SHA1: b342805eb59b9d84f97325b452bab352d3c02757
- SHA256: d283c8cb35f91c81cce6d907f4c468f46babe0ce74c6fb39e4e983da90176f4f
- SHA512: fb1d4d7a7dc7be4a4eb0d9d6b37f60011926c74289098067047c25144252c20a53e1fbfd04eaf30122c7d3cc10a764f79a31ba2f7ad2f4d539fa9f6b32d06931
- SSDEEP: 6144:Kly+bnr+tp0yN90QEb47QDPi5wEq5GdBbge3n4I7fs61XzJNl6sPVt5nV+c9XqKp:7MrVy90WsrixhHgeo0E4XjFsclDd
Static task: static1
Behavioral task: behavioral1
- Sample: d283c8cb35f91c81cce6d907f4c468f46babe0ce74c6fb39e4e983da90176f4f.exe
- Resource: win10-20230220-en
Malware Config
Extracted: redline
- rosn
- 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
- spora
- 176.113.115.145:4125
- auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
- Target: d283c8cb35f91c81cce6d907f4c468f46babe0ce74c6fb39e4e983da90176f4f (size and hashes as listed under General above)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.