General
Target: 7431387e71dad27accaacae638cfab121ff5b9909f8685a983ccb42a5626875a
Size: 663KB
Sample: 230403-x5zjzsgg27
MD5: be085753bb2e63c4f06cd5637d48af62
SHA1: 5dffce4eaad9fe7a2e134e2f56ae5587757dad8d
SHA256: 7431387e71dad27accaacae638cfab121ff5b9909f8685a983ccb42a5626875a
SHA512: 6f788a26a5533b538d4a1dea1221f4ec456be639eb9291a36de32e41f0eddd2255c86d034e4ceaac5f822af5c0c21001f7e271e56bb00130467068e07a7a2cdb
SSDEEP: 12288:vMrey90LA3X81JlypN8IKDW1HldjdO/kanLh8i/0L0v444zWKhBqHe4k0:dyIA+2NoK1HHjdOpVhq0w4xKhB2
Static task: static1
Behavioral task: behavioral1
Sample: 7431387e71dad27accaacae638cfab121ff5b9909f8685a983ccb42a5626875a.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
Attributes: auth_value 050a19e1db4d0024b0f23b37dcf961f4
Extracted
Family: redline
Botnet: spora
C2: 176.113.115.145:4125
Attributes: auth_value 441b39ab37774b2ca9931c31e1bc6071
Both configs point at the same C2 endpoint; only the botnet name and auth_value differ, so the host:port alone identifies the infrastructure while the auth_value is what tells the two campaigns apart.
Targets
Target: 7431387e71dad27accaacae638cfab121ff5b9909f8685a983ccb42a5626875a
Size: 663KB
Signatures
RedLine
RedLine Stealer is an information-stealing malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Writes a value under a CurrentVersion\Run key so the executable is launched again at logon (persistence).
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
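The extracted configs and the behavioural signatures above, turned into detection checks as an added example (this is not Triage's, RedLine's or the page's own code). The C2 endpoint, botnet names and sample hashes are copied from the report; the events the checks run over are constructed for the example, not captured from this run. Event field names (EventID, Image, Hashes, DestinationIp, DestinationPort, TargetObject) follow Sysmon's JSON export; because Sysmon does not log registry reads, the Uninstall-key enumeration is represented by a hypothetical API-trace record with Api and Key fields, and the alert names are the example's own.

```python
import json
import re
from dataclasses import dataclass

# Indicators copied from the report: the C2 endpoint shared by both
# extracted configs (keyed to the botnet names using it) and the sample hashes.
C2_BOTNETS = {("176.113.115.145", 4125): ("rosn", "spora")}
SAMPLE_HASHES = {
    "SHA256": "7431387e71dad27accaacae638cfab121ff5b9909f8685a983ccb42a5626875a",
    "SHA1": "5dffce4eaad9fe7a2e134e2f56ae5587757dad8d",
    "MD5": "be085753bb2e63c4f06cd5637d48af62",
}

# Registry paths behind the "Adds Run key" and "Checks installed software"
# signatures. The Run-key pattern requires Run or RunOnce followed directly
# by a value name, so Explorer's RunMRU key does not match.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
UNINSTALL_KEY_RE = re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.I)


@dataclass(frozen=True)
class Alert:
    rule: str
    image: str
    detail: str


def parse_hashes(field: str) -> dict:
    """Split a Sysmon Hashes field ('SHA256=..,MD5=..') into {ALGO: lowercase hex}."""
    out = {}
    for part in field.split(","):
        algo, _, value = part.partition("=")
        if value:
            out[algo.strip().upper()] = value.strip().lower()
    return out


def check_event(ev: dict) -> list:
    """Return the alerts one event triggers; an empty list for benign events."""
    alerts = []
    image = ev.get("Image", "")
    if "Api" in ev:  # hypothetical API-trace record (Sysmon does not log reads)
        if ev["Api"].startswith("RegOpenKey") and UNINSTALL_KEY_RE.search(ev.get("Key", "")):
            alerts.append(Alert("installed_software_enum", image, ev["Key"]))
        return alerts
    eid = ev.get("EventID")
    if eid == 1:  # process create: compare against the known-sample hashes
        hashes = parse_hashes(ev.get("Hashes", ""))
        for algo, value in SAMPLE_HASHES.items():
            if hashes.get(algo) == value:
                alerts.append(Alert("redline_known_sample", image, f"{algo}={value}"))
                break
    elif eid == 3:  # network connection: C2 endpoint from the extracted configs
        dst = (ev.get("DestinationIp"), int(ev.get("DestinationPort", 0)))
        if dst in C2_BOTNETS:
            detail = f"{dst[0]}:{dst[1]} (botnets {', '.join(C2_BOTNETS[dst])})"
            alerts.append(Alert("redline_c2_connection", image, detail))
    elif eid == 13:  # registry value set: persistence under a Run key
        target = ev.get("TargetObject", "")
        if RUN_KEY_RE.search(target):
            alerts.append(Alert("run_key_persistence", image, target))
    return alerts


def scan(lines) -> list:
    """Run check_event over newline-delimited JSON events, in order."""
    alerts = []
    for line in lines:
        line = line.strip()
        if line:
            alerts.extend(check_event(json.loads(line)))
    return alerts


# Constructed events for the example (not captured from the sandbox run).
SAMPLE_EVENTS = r"""
{"EventID": 1, "Image": "C:\\Users\\user\\Downloads\\sample.exe", "Hashes": "SHA256=7431387E71DAD27ACCAACAE638CFAB121FF5B9909F8685A983CCB42A5626875A,MD5=BE085753BB2E63C4F06CD5637D48AF62"}
{"EventID": 3, "Image": "C:\\Users\\user\\Downloads\\sample.exe", "DestinationIp": "176.113.115.145", "DestinationPort": 4125}
{"EventID": 3, "Image": "C:\\Windows\\System32\\svchost.exe", "DestinationIp": "8.8.8.8", "DestinationPort": 53}
{"EventID": 13, "Image": "C:\\Users\\user\\Downloads\\sample.exe", "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater"}
{"EventID": 13, "Image": "C:\\Windows\\explorer.exe", "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU\\a"}
{"Api": "RegOpenKeyExW", "Image": "C:\\Users\\user\\Downloads\\sample.exe", "Key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"}
"""

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS.splitlines()):
        print(f"{alert.rule:26} {alert.image}  {alert.detail}")
```

The C2 check keys on host and port together, since the report gives 4125 explicitly and the same host on another port is not evidence of this infrastructure; the hash check stops at the first matching algorithm so one process-create event yields one alert.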