General

Target: a3d8f99c98c0f526dc62621527fb61682488211a846b810bfac2d5c02f05860e
Size: 522KB
Sample: 230403-y32r1aag31
MD5: d04b55cef45bc4b5ef12eb221d4b5ef5
SHA1: 78a5146d58dbdae415b211c1698460db22e986d7
SHA256: a3d8f99c98c0f526dc62621527fb61682488211a846b810bfac2d5c02f05860e
SHA512: aa7e81c75ea2c70f6cb2f01e9bfb3936bd9a22b6f54641b2941f05a33ee5b4ada78b82a0ddb31ed02e916f22045b88049d1a59645efeaf8b3abee8a3b8c9c42a
SSDEEP: 12288:yMrHy90dVR1o7V+2s/2rnhxL3u42580J4vuzWKXRVoTPbQLmAO6l5F:1ySRH/CnhxLym0iv3KXHwgmAO6l/

Static task: static1
Behavioral task: behavioral1
Sample: a3d8f99c98c0f526dc62621527fb61682488211a846b810bfac2d5c02f05860e.exe
Resource: win10v2004-20230220-en
Malware Config

Extracted: redline
  rosn
  176.113.115.145:4125
  auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted: redline
  spora
  176.113.115.145:4125
  auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets

Target: a3d8f99c98c0f526dc62621527fb61682488211a846b810bfac2d5c02f05860e
Size: 522KB
MD5: d04b55cef45bc4b5ef12eb221d4b5ef5
SHA1: 78a5146d58dbdae415b211c1698460db22e986d7
SHA256: a3d8f99c98c0f526dc62621527fb61682488211a846b810bfac2d5c02f05860e
SHA512: aa7e81c75ea2c70f6cb2f01e9bfb3936bd9a22b6f54641b2941f05a33ee5b4ada78b82a0ddb31ed02e916f22045b88049d1a59645efeaf8b3abee8a3b8c9c42a
SSDEEP: 12288:yMrHy90dVR1o7V+2s/2rnhxL3u42580J4vuzWKXRVoTPbQLmAO6l5F:1ySRH/CnhxLym0iv3KXHwgmAO6l/

Signatures

RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.