General

Target: c77da1a132b1ca7c43a67acd41023cf4f1d456893342c34c61b742d1e9acd922
Size: 660KB
Sample: 230403-wzkcfagd79
MD5: 0e0d8bce9f7cc4d023ff4eafabb6e0ed
SHA1: cba8f7b7b5d364c1a5facd53ec16f3f9c0228875
SHA256: c77da1a132b1ca7c43a67acd41023cf4f1d456893342c34c61b742d1e9acd922
SHA512: de3719281793424771db2078def8e81b97bc33609d3c4c9f4a1cb68aee16b266737e12d303ab621ac12c1c237cdf4cf26e14943637d43e87ed7db721ef07b130
SSDEEP: 12288:cMrfy90AyB0jZzzAccGY1fRXZSO0HZTl6UwOyFfBXwN:DyzOfnGYhREO0ZsUufRG
Static task: static1
Behavioral task: behavioral1
Sample: c77da1a132b1ca7c43a67acd41023cf4f1d456893342c34c61b742d1e9acd922.exe
Resource: win10-20230220-en
Malware Config

Extracted: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted: redline
Botnet: spora
C2: 176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets

Target: c77da1a132b1ca7c43a67acd41023cf4f1d456893342c34c61b742d1e9acd922 (660KB; hashes as listed under General)
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext