General
- Target: 53df7eb3552d46ec9699209d5a31a6fbb9576cd685c0b6d6c60df046fe89a739
- Size: 521KB
- Sample: 230403-x1aeasae3v
- MD5: ce2e906eb11ea6abd05584b826cbc3df
- SHA1: df3621a19c808f9701d637e4338729d8428d0d30
- SHA256: 53df7eb3552d46ec9699209d5a31a6fbb9576cd685c0b6d6c60df046fe89a739
- SHA512: abfa4ec0dcd6b10518889b333fc6f933d7fb55a9b0dd3c005502ea47ba8d6690b6ab63b340e998563df2dc7646606d3405f4f71c60b329f39f74262cc5f90022
- SSDEEP: 12288:WMrXy901MdXLdD7Ogw8itetpAHp9t96iCl5Tl8qk:ByZLW0SetKp9/6iYyqk
Static task: static1
Behavioral task: behavioral1
- Sample: 53df7eb3552d46ec9699209d5a31a6fbb9576cd685c0b6d6c60df046fe89a739.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted (redline)
- rosn
- 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted (redline)
- spora
- 176.113.115.145:4125
- auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
- Target: 53df7eb3552d46ec9699209d5a31a6fbb9576cd685c0b6d6c60df046fe89a739
- Size: 521KB
- MD5: ce2e906eb11ea6abd05584b826cbc3df
- SHA1: df3621a19c808f9701d637e4338729d8428d0d30
- SHA256: 53df7eb3552d46ec9699209d5a31a6fbb9576cd685c0b6d6c60df046fe89a739
- SHA512: abfa4ec0dcd6b10518889b333fc6f933d7fb55a9b0dd3c005502ea47ba8d6690b6ab63b340e998563df2dc7646606d3405f4f71c60b329f39f74262cc5f90022
- SSDEEP: 12288:WMrXy901MdXLdD7Ogw8itetpAHp9t96iCl5Tl8qk:ByZLW0SetKp9/6iYyqk
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.