General
Target: 1a59dbb8c7517710939d2b920762a83a838c0d248ad8579080431e0903d6a485
Size: 521KB
Sample: 230403-xlbntaad2s
MD5: 662262d89f9a819ed51c2299db7e0f51
SHA1: e3e1bc0d575e76d2a0027e774f227c49d3c80722
SHA256: 1a59dbb8c7517710939d2b920762a83a838c0d248ad8579080431e0903d6a485
SHA512: 12b145eeccbadb00b05906a7eca2b2449cc90a54cb524a34626a8cbd61bd89c2948bf8bfd944e8127dc3dfac4507f21708d4716424ceb872eb0aee75271e966a
SSDEEP: 12288:NMr2y90CbxYz+f1hIseUFC8uPvWQ5R4nTFg1i4:3y1VYt7U8Pua4nJgA4
Static task: static1
Behavioral task: behavioral1
Sample: 1a59dbb8c7517710939d2b920762a83a838c0d248ad8579080431e0903d6a485.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
Family: redline
Botnet: spora
C2: 176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071
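Both extracted configs point at the same C2 endpoint and differ only in botnet ID and auth_value, so the one useful network indicator in this report is the pair 176.113.115.145:4125. The following is an added example, not part of the sandbox report: it parses the two config entries above (embedded as a constant) into records and checks them against constructed Sysmon Event ID 3-style connection records. The image paths, the other destination IP and the events themselves are invented for the demonstration.

```python
"""Turn the RedLine config extracted in this report into network IOC matching.

Added example, not part of the sandbox report. REPORT_CONFIG holds the two
config entries from the Malware Config section; SAMPLE_EVENTS are constructed
Sysmon Event ID 3 (network connection) records invented for this demo.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# The two "Extracted" blocks from the report, as key: value lines.
REPORT_CONFIG = """
Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
Family: redline
Botnet: spora
C2: 176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071
"""

CONFIG_RE = re.compile(
    r"Extracted\s+Family:\s*(?P<family>\S+)\s+Botnet:\s*(?P<botnet>\S+)\s+"
    r"C2:\s*(?P<host>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d{1,5})\s+"
    r"auth_value:\s*(?P<auth>[0-9a-fA-F]{32})",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class RedLineConfig:
    botnet: str
    host: str
    port: int
    auth_value: str


def parse_configs(text: str) -> list[RedLineConfig]:
    """Parse the report's 'Extracted' blocks into RedLine config records."""
    return [
        RedLineConfig(m["botnet"], m["host"], int(m["port"]), m["auth"].lower())
        for m in CONFIG_RE.finditer(text)
        if m["family"].lower() == "redline"
    ]


def c2_endpoints(configs: list[RedLineConfig]) -> set[tuple[str, int]]:
    """Distinct (ip, port) pairs; both configs in this report collapse to one."""
    return {(c.host, c.port) for c in configs}


# Constructed Sysmon Event ID 3 records (invented hosts, paths and IPs).
SAMPLE_EVENTS = [
    {"EventID": 3, "Image": r"C:\Users\victim\AppData\Local\Temp\photo.exe",
     "DestinationIp": "176.113.115.145", "DestinationPort": 4125, "Protocol": "tcp"},
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationIp": "176.113.115.145", "DestinationPort": 443, "Protocol": "tcp"},
    {"EventID": 3, "Image": r"C:\Windows\System32\svchost.exe",
     "DestinationIp": "13.107.4.50", "DestinationPort": 4125, "Protocol": "tcp"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe"},
]


def match_network_events(events, configs, port_sensitive: bool = True):
    """Return connection events whose destination is an extracted C2.

    port_sensitive=True matches the exact (ip, port) pair from the config;
    False widens to any connection to the C2 address, which is the broader
    hunt when the same host may serve several ports or builds.
    """
    targets = c2_endpoints(configs)
    hosts = {h for h, _ in targets}
    hits = []
    for ev in events:
        if ev.get("EventID") != 3:
            continue
        dst = (ev.get("DestinationIp"), ev.get("DestinationPort"))
        if (dst in targets) if port_sensitive else (dst[0] in hosts):
            hits.append(ev)
    return hits


if __name__ == "__main__":
    cfgs = parse_configs(REPORT_CONFIG)
    for hit in match_network_events(SAMPLE_EVENTS, cfgs):
        print("C2 contact:", hit["Image"], "->", hit["DestinationIp"], hit["DestinationPort"])
```

Match on the full address:port pair first and widen to the IP only when triaging; the port 4125 on its own is not an indicator of anything, and the IP is only meaningful for the period the report was produced, since stealer C2 addresses rotate quickly.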
Targets
Target: 1a59dbb8c7517710939d2b920762a83a838c0d248ad8579080431e0903d6a485
Size: 521KB
MD5: 662262d89f9a819ed51c2299db7e0f51
SHA1: e3e1bc0d575e76d2a0027e774f227c49d3c80722
SHA256: 1a59dbb8c7517710939d2b920762a83a838c0d248ad8579080431e0903d6a485
SHA512: 12b145eeccbadb00b05906a7eca2b2449cc90a54cb524a34626a8cbd61bd89c2948bf8bfd944e8127dc3dfac4507f21708d4716424ceb872eb0aee75271e966a
SSDEEP: 12288:NMr2y90CbxYz+f1hIseUFC8uPvWQ5R4nTFg1i4:3y1VYt7U8Pua4nJgA4
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
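Of the signatures above, the Run-key persistence is the one that maps directly onto endpoint telemetry: a Sysmon configuration that includes the Run and RunOnce keys produces Event ID 13 (registry value set) with the value path in TargetObject and the command in Details. The following is an added example, not the sandbox's own detection logic: it flags Run-key writes from constructed Sysmon-style records and rates a write pointing into a user-writable directory higher than one pointing under Program Files. The value name, the dropped-file path and the writing processes are assumptions; the report does not state where the payload was written or what it named its Run entry. The "Checks installed software" signature does not translate the same way, since Sysmon records registry creates, sets, deletes and renames but not reads of the Uninstall key.

```python
"""Flag Run-key persistence in Sysmon registry events (Event ID 13).

Added example for the 'Adds Run key to start application' signature;
not part of the sandbox report. SAMPLE_EVENTS are constructed records with
invented SIDs, paths and value names (the report gives none of these).
"""
from __future__ import annotations

import re

# Autostart value under HKCU or HKLM ...\CurrentVersion\Run or RunOnce.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(?:Run|RunOnce)\\[^\\]+$",
    re.IGNORECASE,
)
# Locations a standard user can write to; an autostart pointing here is far
# more suspicious than one under Program Files installed by an installer.
USER_WRITABLE_RE = re.compile(
    r"^(?:[A-Z]:\\Users\\[^\\]+\\(?:AppData|Downloads|Desktop|Documents)\\"
    r"|[A-Z]:\\ProgramData\\|[A-Z]:\\Users\\Public\\)",
    re.IGNORECASE,
)


def executable_from_command(details: str) -> str:
    """Extract the program path from a Run value (quoted or unquoted, with args)."""
    details = details.strip()
    if details.startswith('"'):
        end = details.find('"', 1)
        return details[1:end] if end > 0 else details[1:]
    m = re.match(r"(.+?\.exe)(?:\s|$)", details, re.IGNORECASE)
    return m.group(1) if m else details.split(" ", 1)[0]


def analyze_run_key_events(events) -> list[dict]:
    """Return one finding per Run/RunOnce value write, with a severity."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 13 or ev.get("EventType") != "SetValue":
            continue
        target = ev.get("TargetObject", "")
        if not RUN_KEY_RE.search(target):
            continue
        exe = executable_from_command(ev.get("Details", ""))
        severity = "high" if USER_WRITABLE_RE.match(exe) else "medium"
        findings.append({
            "value": target.rsplit("\\", 1)[-1],
            "executable": exe,
            "writer": ev.get("Image"),
            "severity": severity,
        })
    return findings


# Constructed Sysmon records: a dropped EXE registering itself from %TEMP%,
# a vendor installer adding a legitimate updater, and two non-matching events.
SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"
SAMPLE_EVENTS = [
    {"EventID": 13, "EventType": "SetValue",
     "Image": r"C:\Users\victim\AppData\Local\Temp\photo.exe",
     "TargetObject": rf"HKU\{SID}\Software\Microsoft\Windows\CurrentVersion\Run\photo",
     "Details": r'"C:\Users\victim\AppData\Local\Temp\photo.exe"'},
    {"EventID": 13, "EventType": "SetValue",
     "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorUpdater",
     "Details": r'"C:\Program Files\Vendor\Updater.exe" /background'},
    {"EventID": 13, "EventType": "SetValue",
     "Image": r"C:\Windows\explorer.exe",
     "TargetObject": rf"HKU\{SID}\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 12, "EventType": "CreateKey",
     "Image": r"C:\Windows\explorer.exe",
     "TargetObject": rf"HKU\{SID}\Software\Microsoft\Windows\CurrentVersion\Run"},
]


if __name__ == "__main__":
    for f in analyze_run_key_events(SAMPLE_EVENTS):
        print(f"[{f['severity']}] {f['value']} -> {f['executable']} (written by {f['writer']})")
```

The severity split is deliberately coarse: an installer writing a Run value under Program Files is routine, while a process under %TEMP% or %APPDATA% registering itself is the pattern the sandbox signature describes, and is worth an alert on its own before correlating with the network indicator.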