General
- Target: 6f00b3dcd26901aab1f50ceb7cea656c7f0c7d7322cea73485cf65e1b07cdf6c
- Size: 522KB
- Sample: 230403-y6k9esag5v
- MD5: f7147de665e985533fc31eb1b2ae974a
- SHA1: 3e8d396c2eb8634b4bea2ec11adfa9fe8d3c7e30
- SHA256: 6f00b3dcd26901aab1f50ceb7cea656c7f0c7d7322cea73485cf65e1b07cdf6c
- SHA512: 043136a44f8f8da8f7d1f14dd68b5828d58c6e55c9a62b38e0686e431f3b3c895dd522e8d44721528a746b8707d4509d073e17de35485d8cd9d92f6a8361ec0d
- SSDEEP: 12288:AMrty90rLyTShTmN4Am8mq4p+zW4wqKvQrg:9ypNxPmLpH4RM
Static task: static1
Behavioral task: behavioral1
- Sample: 6f00b3dcd26901aab1f50ceb7cea656c7f0c7d7322cea73485cf65e1b07cdf6c.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted
- Family: redline
- Botnet: rosn
- C2: 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
- Family: redline
- Botnet: spora
- C2: 176.113.115.145:4125
- auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
- Target: 6f00b3dcd26901aab1f50ceb7cea656c7f0c7d7322cea73485cf65e1b07cdf6c
- Size: 522KB
- MD5: f7147de665e985533fc31eb1b2ae974a
- SHA1: 3e8d396c2eb8634b4bea2ec11adfa9fe8d3c7e30
- SHA256: 6f00b3dcd26901aab1f50ceb7cea656c7f0c7d7322cea73485cf65e1b07cdf6c
- SHA512: 043136a44f8f8da8f7d1f14dd68b5828d58c6e55c9a62b38e0686e431f3b3c895dd522e8d44721528a746b8707d4509d073e17de35485d8cd9d92f6a8361ec0d
- SSDEEP: 12288:AMrty90rLyTShTmN4Am8mq4p+zW4wqKvQrg:9ypNxPmLpH4RM

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.