General
Target: ddb89cd8277fe66a12ee4d7ef7cae5e80ac8eb81b4345b76ca569ea55128520d
Size: 663KB
Sample: 230403-ybbfqsae7w
MD5: caf9195b791c514db3032f5580c16e76
SHA1: 6a45d18fc93d0fcac1e64f7de369faf0a24dc461
SHA256: ddb89cd8277fe66a12ee4d7ef7cae5e80ac8eb81b4345b76ca569ea55128520d
SHA512: d3becff7f78da4be7feeb17e900165499a8df320695fd19d9a9bf611368dcf85e348408a5801880590ad1d3cccc82c58dfe12602318eb166b06050f5fb2bdf56
SSDEEP: 12288:MMr+y90/viuU1cgXLgDvDycPocBE449zWKigZtRL2uFeF5m:Syy+dcFBV4AKF9L2meF5m
Static task: static1
Behavioral task: behavioral1
Sample: ddb89cd8277fe66a12ee4d7ef7cae5e80ac8eb81b4345b76ca569ea55128520d.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
spora
176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
Target: ddb89cd8277fe66a12ee4d7ef7cae5e80ac8eb81b4345b76ca569ea55128520d
Size: 663KB
MD5: caf9195b791c514db3032f5580c16e76
SHA1: 6a45d18fc93d0fcac1e64f7de369faf0a24dc461
SHA256: ddb89cd8277fe66a12ee4d7ef7cae5e80ac8eb81b4345b76ca569ea55128520d
SHA512: d3becff7f78da4be7feeb17e900165499a8df320695fd19d9a9bf611368dcf85e348408a5801880590ad1d3cccc82c58dfe12602318eb166b06050f5fb2bdf56
SSDEEP: 12288:MMr+y90/viuU1cgXLgDvDycPocBE449zWKigZtRL2uFeF5m:Syy+dcFBV4AKF9L2meF5m

Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.