General
- Target: 5db3c651f0eee37c8bbac69164b46ebe7d28e3307ffc68cb879126b7f65c4097
- Size: 521KB
- Sample: 230403-y27xmaag3x
- MD5: bc63f4e29e93ca3fb9978b1f404cc15a
- SHA1: 90a1c26820f8237135d244320ce8ea5c5be2b424
- SHA256: 5db3c651f0eee37c8bbac69164b46ebe7d28e3307ffc68cb879126b7f65c4097
- SHA512: e23d55e1623ed1591fac7ea0353f08ca706059257417b1a67d0de049f453d17345c529fbb2f19ff192f462ed9ed635a1f3a3a28b7502db347ea730c5539c6ae1
- SSDEEP: 12288:vMrby90HV/vL+N2ZJ6lypJ9O8e94fIzWKIW1vw9QQ2AO/:QyuVXlZElyBHeefBKw9QgO/
- Static task: static1
- Behavioral task: behavioral1
- Sample: 5db3c651f0eee37c8bbac69164b46ebe7d28e3307ffc68cb879126b7f65c4097.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted
- redline
- rosn
- 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
- redline
- spora
- 176.113.115.145:4125
- auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
- Target: 5db3c651f0eee37c8bbac69164b46ebe7d28e3307ffc68cb879126b7f65c4097 (521KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.