General
- Target: 6b24140ecbe81d765bac9cc65784daad497db616459961e1f801bace789a8b84
- Size: 659KB
- Sample: 230403-xqyn5sgf33
- MD5: 22457c6b8494b21fb77ccb60780d88f0
- SHA1: c737267d86dfd32acda8c0dfa781d3053a68376c
- SHA256: 6b24140ecbe81d765bac9cc65784daad497db616459961e1f801bace789a8b84
- SHA512: 4818b8f5b08fc434d8560f699c648be166d749a58feb9850700cf0215468fcd77b3ace25dd8dc0c4d02fe4f5a8fda55706370c82f96094cd6f8017810c56cc9a
- SSDEEP: 12288:0MrSy90Ajf1L44dCDwvMFIUwPQdZS2mOEp26RT/wJ+b:2yVJ4nwSInPQC2mB5RjFb
Static task: static1
Behavioral task: behavioral1
- Sample: 6b24140ecbe81d765bac9cc65784daad497db616459961e1f801bace789a8b84.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted
- Family: redline
- Botnet: rosn
- C2: 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
- Family: redline
- Botnet: spora
- C2: 176.113.115.145:4125
- auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
- Target: 6b24140ecbe81d765bac9cc65784daad497db616459961e1f801bace789a8b84 (size and hashes as listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext