General
Target: f19c06dbaf98aa2f2701b5c8ee5be43667600583741c96957741782f31bc841d
Size: 660KB
Sample: 230403-xfd7rage68
MD5: f21f51ee32abe19671d4e02e545ce136
SHA1: 43fae9d27a4b9f7f4e397dcc1fb289718da60f92
SHA256: f19c06dbaf98aa2f2701b5c8ee5be43667600583741c96957741782f31bc841d
SHA512: 92f1f2d83180c5d2dc9e8fd35d6a3222e50e7494c3492ba1d68d13cd21e02626328cb18ba6421a53df85eab1e69236ec2c3278cf9b76d1197978a5986c78736b
SSDEEP: 12288:ZMriy90QM5I7iVCIOrjvxYxoiUo7molHb/58oOsZSyr4bWl6MH18:TyTM5IuAHvx2oi3cyrnso8
Static task: static1
Behavioral task: behavioral1
Sample: f19c06dbaf98aa2f2701b5c8ee5be43667600583741c96957741782f31bc841d.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
spora
176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
Target: f19c06dbaf98aa2f2701b5c8ee5be43667600583741c96957741782f31bc841d
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext