General
Target: bfa7703c5b245389d4f9bf5fbbfcf509979e32aa9868e022cd7cfb293398f5d2
Size: 521KB
Sample: 230403-wr59yagd42
MD5: b23ff58e2894287a8d6f8e84d3dd1e51
SHA1: b0c959fd487204977a2de686e83f0803d2fc7669
SHA256: bfa7703c5b245389d4f9bf5fbbfcf509979e32aa9868e022cd7cfb293398f5d2
SHA512: 600dd26cf0b753de16fd6f923c0dd01cb6ec1bc6c0224e08fd9771547cf3b3c8d2397946659164ac8eabb0f6c6a349d04c136a74072629fefe44f5afc7e8e569
SSDEEP: 6144:K0y+bnr+bp0yN90QE9y8OCJaBT4xXEwFWDH2JAGLi/C4w6fz616//ZjMAwkGqXzz:cMr7y90XeC4BT4m6RG1bx+aDoRE
Static task: static1
Behavioral task: behavioral1
Sample: bfa7703c5b245389d4f9bf5fbbfcf509979e32aa9868e022cd7cfb293398f5d2.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted: redline
- rosn
- 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
- spora
- 176.113.115.145:4125
- auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
Target: bfa7703c5b245389d4f9bf5fbbfcf509979e32aa9868e022cd7cfb293398f5d2
Size: 521KB
(MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to the values listed under General.)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.