General
Target: dabc7bec8dec8831808e6c25a753cccda1e855a0bd7babf605105372f0728cb3
Size: 522KB
Sample: 230403-xl5lwsad3s
MD5: d87d95a95c56d34059e92f5f74bc36c7
SHA1: cdcd89fa898f468c648415a00e059fd0666e3397
SHA256: dabc7bec8dec8831808e6c25a753cccda1e855a0bd7babf605105372f0728cb3
SHA512: 5347d153f8f431e728e7450b3ca3440d0f59a4be1664ecf24adadd883ea043e229e2b4d7c6d3ef6a1934e8cf6adb625c2ba1bae5bbf770bed2fddebb0f1cf552
SSDEEP: 12288:QMrly90IMiIv1nyZ2M4KLnmBbugl6c2rWFR:ly5MJyZ7mBhsiFR
Static task: static1
Behavioral task: behavioral1
  Sample: dabc7bec8dec8831808e6c25a753cccda1e855a0bd7babf605105372f0728cb3.exe
  Resource (analysis VM image): win10v2004-20230220-en
Malware Config
Extracted config 1
  Family: redline
  Botnet: rosn
  C2: 176.113.115.145:4125
  auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted config 2
  Family: redline
  Botnet: spora
  C2: 176.113.115.145:4125
  auth_value: 441b39ab37774b2ca9931c31e1bc6071
Both extracted configurations point at the same C2 endpoint (176.113.115.145:4125); they differ only in botnet ID and auth_value. A single network indicator therefore covers both, while the auth_value is what distinguishes the two campaigns.
Targets
Target: dabc7bec8dec8831808e6c25a753cccda1e855a0bd7babf605105372f0728cb3 (same file as in General above; hashes not repeated)
RedLine
RedLine Stealer is an information-stealing malware family written in C#, first seen in early 2020. It collects browser credentials and cookies, cryptocurrency wallet data and system details and sends them to its C2.
Signatures observed for this sample:
- RedLine payload: the RedLine stealer code was identified in the sample; the two configurations listed under Malware Config were extracted from it.
- Executes dropped EXE: the sample wrote a second executable to disk and ran it (the report does not name the dropped file).
- Accesses cryptocurrency files/wallets, possible credential harvesting: file access to locations used by cryptocurrency wallet software, consistent with wallet and credential theft.
- Adds Run key to start application: writes a value under a CurrentVersion\Run registry key so the application is launched again at logon (persistence).
- Checks installed software on the system: looks up Uninstall key entries in the registry (CurrentVersion\Uninstall) to enumerate the software installed on the system.
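To turn the report into something actionable, here is an added example (not part of the report and not any sandbox vendor's code) that folds the extracted RedLine configs and the behavioral signatures above into a small detector and runs it over constructed Sysmon-style event lines. The registry paths, wallet artefact names and drop directories it matches on are general Windows and stealer knowledge used as assumptions, not details the report states; the event lines are constructed, not captured.

```python
"""Detections derived from this sandbox report.

Added example, not code from the report or any sandbox vendor. It combines
the report's IOCs (sample hashes, RedLine C2 and auth_value per botnet ID)
with its behavioral signatures and classifies constructed, Sysmon-like
event lines. Registry paths, wallet artefacts and drop directories below are
assumptions based on general Windows/stealer knowledge.
"""
import re

# --- IOCs taken from the report -------------------------------------------
REDLINE_CONFIGS = [
    {"botnet": "rosn", "c2": "176.113.115.145:4125",
     "auth_value": "050a19e1db4d0024b0f23b37dcf961f4"},
    {"botnet": "spora", "c2": "176.113.115.145:4125",
     "auth_value": "441b39ab37774b2ca9931c31e1bc6071"},
]
# Both botnet IDs share one C2, so one network indicator covers both;
# auth_value is what tells the two campaigns apart.
C2_ENDPOINTS = {cfg["c2"] for cfg in REDLINE_CONFIGS}
AUTH_TO_BOTNET = {cfg["auth_value"]: cfg["botnet"] for cfg in REDLINE_CONFIGS}
SAMPLE_HASHES = {
    "md5": "d87d95a95c56d34059e92f5f74bc36c7",
    "sha1": "cdcd89fa898f468c648415a00e059fd0666e3397",
    "sha256": "dabc7bec8dec8831808e6c25a753cccda1e855a0bd7babf605105372f0728cb3",
}

# --- Behavioral patterns (assumptions: standard Windows locations) --------
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
UNINSTALL_KEY_RE = re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.IGNORECASE)
WALLET_RE = re.compile(r"(wallet\.dat|\\Exodus\\|\\Electrum\\|\\Ethereum\\keystore)",
                       re.IGNORECASE)
DROP_DIR_RE = re.compile(
    r"\\(AppData\\Local\\Temp|ProgramData|Users\\Public)\\[^\\]+\.exe$", re.IGNORECASE)

# Constructed telemetry, one event per line as key=value pairs (not a real capture).
SAMPLE_EVENTS = [
    r"type=process_create image=C:\Users\u\AppData\Local\Temp\dropped.exe "
    r"sha256=dabc7bec8dec8831808e6c25a753cccda1e855a0bd7babf605105372f0728cb3",
    r"type=registry_set target=HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
    r"type=registry_query target=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"type=file_read path=C:\Users\u\AppData\Roaming\Exodus\exodus.wallet",
    r"type=network_connect dst=176.113.115.145 dport=4125",
    r"type=network_connect dst=93.184.216.34 dport=443",
]


def parse_event(line):
    """Parse one 'key=value key=value' line into a dict (values contain no spaces)."""
    return dict(re.findall(r"(\w+)=(\S+)", line))


def classify(event):
    """Return the report-derived detections that fire for a single event."""
    hits = []
    kind = event.get("type")
    if kind == "process_create":
        for algo, digest in SAMPLE_HASHES.items():
            if event.get(algo, "").lower() == digest:
                hits.append("known_sample_hash")
                break
        if DROP_DIR_RE.search(event.get("image", "")):
            hits.append("executes_dropped_exe")
    elif kind == "registry_set" and RUN_KEY_RE.search(event.get("target", "")):
        hits.append("run_key_persistence")
    elif kind == "registry_query" and UNINSTALL_KEY_RE.search(event.get("target", "")):
        hits.append("enumerates_installed_software")
    elif kind == "file_read" and WALLET_RE.search(event.get("path", "")):
        hits.append("accesses_crypto_wallet")
    elif kind == "network_connect":
        if "{}:{}".format(event.get("dst"), event.get("dport")) in C2_ENDPOINTS:
            hits.append("redline_c2")
    return hits


def scan(lines):
    """Classify every line; returns one list of detection names per line."""
    return [classify(parse_event(line)) for line in lines]


def verdict(lines):
    """A hard IOC (known hash or C2) is enough on its own; otherwise require
    at least two distinct behaviors before calling the host suspicious."""
    fired = {h for hits in scan(lines) for h in hits}
    if fired & {"known_sample_hash", "redline_c2"}:
        return "malicious"
    return "suspicious" if len(fired) >= 2 else "clean"


def botnet_for_auth(auth_value):
    """Map a recovered auth_value back to the botnet ID from the report, if known."""
    return AUTH_TO_BOTNET.get(auth_value.lower())


if __name__ == "__main__":
    for line, hits in zip(SAMPLE_EVENTS, scan(SAMPLE_EVENTS)):
        print(hits or ["-"], line[:70])
    print("verdict:", verdict(SAMPLE_EVENTS))
```

Run it directly to see which detections fire per line and the overall verdict; in a real deployment the same classify() would be fed parsed Sysmon or EDR events rather than the constructed lines. The verdict logic deliberately treats the hash and C2 indicators as sufficient on their own, since Run-key persistence or Uninstall-key enumeration alone are common in legitimate installers and should only escalate in combination.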