General
Target: 20463cb45b69afe8e259f2f04a5196dad45ac8d50b6d7d9ba2a6465381a0987b
Size: 522KB
Sample: 230403-ydgqjagg64
MD5: af6ab3fcf238702875d956d68521fef6
SHA1: 4c6f33f3b5c287d112decffa003149ce57213cd2
SHA256: 20463cb45b69afe8e259f2f04a5196dad45ac8d50b6d7d9ba2a6465381a0987b
SHA512: 1b5b7cb87a5640b6d163fa73a0afab4959b0a486133e59a16f289c5b350528fdb51ce19d2394151f20bcc9c73dd937a71afd3ff6a4d8e8c12604e4eb0233f2d7
SSDEEP: 12288:0MrRy90zPwCtQM1M7mUEbSlmy8/Q4LyzWK/c9v3QKl:Vy9EMFEbb/5LrKBKl
Static task: static1
Behavioral task: behavioral1
  Sample: 20463cb45b69afe8e259f2f04a5196dad45ac8d50b6d7d9ba2a6465381a0987b.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted
  Family: redline
  Botnet: rosn
  C2: 176.113.115.145:4125
  auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
  Family: redline
  Botnet: spora
  C2: 176.113.115.145:4125
  auth_value: 441b39ab37774b2ca9931c31e1bc6071
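The two extracted configs share one C2 endpoint (176.113.115.145:4125) and differ only in botnet ID and auth_value, so an IOC pipeline that deduplicates on the endpoint alone silently drops the second campaign's identifier. The Python below is an added example for this report, not sandbox output and not RedLine tooling: it indexes the two configs by C2 while keeping every (botnet, auth_value) pair, scans connection logs for the endpoint (and for the same host on other ports), and emits a Suricata rule per endpoint. Only the C2, botnet names and auth_values come from the report; the connection-log lines, the rule message text and the sid range are constructed assumptions.

```python
"""IOC handling for the two RedLine configs extracted above.

Added example for this report, not part of the sandbox output.  The C2,
botnet and auth_value fields are the ones on the page; the connection-log
lines and the Suricata msg/sid values are constructed for illustration."""
from collections import defaultdict
from dataclasses import dataclass
import re

# Copied from the report's "Malware Config" section.
EXTRACTED_CONFIGS = [
    {"family": "redline", "botnet": "rosn", "c2": "176.113.115.145:4125",
     "auth_value": "050a19e1db4d0024b0f23b37dcf961f4"},
    {"family": "redline", "botnet": "spora", "c2": "176.113.115.145:4125",
     "auth_value": "441b39ab37774b2ca9931c31e1bc6071"},
]


@dataclass(frozen=True)
class C2:
    host: str
    port: int


def parse_c2(value: str) -> C2:
    """Split 'host:port'.  rpartition keeps this correct for a bracketed IPv6
    literal such as '[2001:db8::1]:4125' as well as the IPv4 form used here."""
    host, sep, port = value.rpartition(":")
    if not sep or not port.isdigit():
        raise ValueError(f"malformed C2 entry: {value!r}")
    return C2(host.strip("[]"), int(port))


def build_ioc_index(configs):
    """Map each C2 endpoint to the set of (botnet, auth_value) pairs using it.
    Both configs on this page land on one key with two members; keying on
    the endpoint alone would lose the second auth_value."""
    index = defaultdict(set)
    for cfg in configs:
        index[parse_c2(cfg["c2"])].add((cfg["botnet"], cfg["auth_value"]))
    return dict(index)


# Constructed connection-log lines (not from the report):
#   <timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto>
SAMPLE_CONN_LOG = """\
2023-04-03T10:15:02Z 10.0.0.12:51522 -> 176.113.115.145:4125 tcp
2023-04-03T10:15:03Z 10.0.0.12:51523 -> 93.184.216.34:443 tcp
2023-04-03T10:16:40Z 10.0.0.31:49870 -> 176.113.115.145:8080 tcp
2023-04-03T10:17:11Z 10.0.0.12:51540 -> 176.113.115.145:4125 tcp
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+):(?P<sport>\d+) -> (?P<dst>\S+):(?P<dport>\d+) (?P<proto>\w+)$"
)


def scan_conn_log(text, index):
    """One finding per log line that touches a known C2.  Exact host:port hits
    are tagged 'c2'; the same host on another port is still reported as
    'c2-host', since stealer operators rotate ports between builds and the
    address is the more stable indicator."""
    hosts = {c2.host for c2 in index}
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparsable line; in production, count and surface these
        dst = C2(m["dst"], int(m["dport"]))
        if dst in index:
            findings.append({"ts": m["ts"], "src": m["src"], "dst": dst.host,
                             "dport": dst.port, "match": "c2",
                             "botnets": sorted(b for b, _ in index[dst])})
        elif dst.host in hosts:
            findings.append({"ts": m["ts"], "src": m["src"], "dst": dst.host,
                             "dport": dst.port, "match": "c2-host", "botnets": []})
    return findings


def to_suricata_rules(index, base_sid=1000001):
    """One Suricata rule per C2 endpoint.  The msg wording and the sid range are
    assumptions for this example (1000000+ is the conventional local range)."""
    rules = []
    ordered = sorted(index.items(), key=lambda kv: (kv[0].host, kv[0].port))
    for sid, (c2, members) in enumerate(ordered, start=base_sid):
        botnets = ", ".join(sorted({b for b, _ in members}))
        rules.append(
            f"alert tcp $HOME_NET any -> {c2.host} {c2.port} "
            f'(msg:"RedLine C2 {c2.host}:{c2.port} (botnets: {botnets})"; '
            f"flow:to_server,established; classtype:trojan-activity; sid:{sid}; rev:1;)"
        )
    return rules


if __name__ == "__main__":
    idx = build_ioc_index(EXTRACTED_CONFIGS)
    for finding in scan_conn_log(SAMPLE_CONN_LOG, idx):
        print(finding)
    print("\n".join(to_suricata_rules(idx)))
```

Pivoting on auth_value rather than the shared endpoint is what separates the rosn and spora campaigns in later samples, so keep both values attached to the endpoint instead of collapsing them.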
Targets
Target: 20463cb45b69afe8e259f2f04a5196dad45ac8d50b6d7d9ba2a6465381a0987b (522KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
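Three of the signatures above are registry or file-system behaviour that can be checked outside the sandbox: a value written under the CurrentVersion Run key (persistence), repeated reads of Uninstall subkeys (software enumeration), and file opens inside wallet directories. The Python below is an added example for this report, not sandbox output: it applies those three rules to a Process Monitor-style CSV trace. The trace rows, the process name and PID, the Run value name and the wallet directory list are constructed assumptions; the report does not record which key names or paths this sample touched.

```python
"""Behavioural checks for the Run-key, Uninstall-enumeration and wallet-access
signatures listed above.

Added example for this report, not sandbox output.  SAMPLE_TRACE is a
constructed Process Monitor-style export: the process name, PID, the Run value
name "Updater", the {GUID-n} placeholders and the wallet paths are all
illustrative, not artefacts recorded in the report."""
import csv
import io
import re
from collections import defaultdict

# Constructed trace rows (Time, Process Name, PID, Operation, Path, Result).
SAMPLE_TRACE = r"""Time,Process Name,PID,Operation,Path,Result
10:15:01,sample.exe,4120,RegOpenKey,HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall,SUCCESS
10:15:01,sample.exe,4120,RegEnumKey,HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall,SUCCESS
10:15:01,sample.exe,4120,RegQueryValue,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{GUID-1}\DisplayName,SUCCESS
10:15:01,sample.exe,4120,RegQueryValue,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{GUID-2}\DisplayName,SUCCESS
10:15:01,sample.exe,4120,RegQueryValue,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{GUID-3}\DisplayName,SUCCESS
10:15:02,sample.exe,4120,CreateFile,C:\Users\user\AppData\Roaming\Exodus\exodus.wallet,NAME NOT FOUND
10:15:02,sample.exe,4120,CreateFile,C:\Users\user\AppData\Roaming\Electrum\wallets,SUCCESS
10:15:03,sample.exe,4120,RegSetValue,HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater,SUCCESS
10:15:04,explorer.exe,1234,RegQueryValue,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{GUID-1}\DisplayName,SUCCESS
10:15:05,msiexec.exe,2200,RegSetValue,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{GUID-4}\DisplayName,SUCCESS
"""

# A value directly under HKCU/HKLM ...\CurrentVersion\Run or RunOnce.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.IGNORECASE)
# Captures the per-product subkey name under ...\CurrentVersion\Uninstall\.
UNINSTALL_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\([^\\]+)", re.IGNORECASE)
# Assumed wallet directories for this example; extend to match your estate.
WALLET_DIR_RE = re.compile(
    r"\\AppData\\Roaming\\(Exodus|Electrum|Ethereum|Atomic|Armory)\\", re.IGNORECASE)
REG_READ_OPS = {"RegOpenKey", "RegQueryValue", "RegEnumKey", "RegQueryKey"}


def parse_trace(text):
    """Rows of the CSV export as dicts keyed by the header line."""
    return list(csv.DictReader(io.StringIO(text)))


def detect(rows, enum_threshold=3):
    """Findings keyed by (process name, pid).  Rules:
    persistence          RegSetValue of a value under the Run/RunOnce key
    software_enumeration read-type operations on >= enum_threshold distinct
                         Uninstall subkeys by one process (installers write
                         there; a burst of reads is the enumeration behaviour)
    wallet_access        CreateFile inside an assumed wallet directory, whether
                         or not the path existed (the probe itself is the signal)
    """
    findings = defaultdict(list)
    uninstall_subkeys = defaultdict(set)
    for r in rows:
        proc = (r["Process Name"], int(r["PID"]))
        op, path = r["Operation"], r["Path"]
        if op == "RegSetValue" and RUN_KEY_RE.search(path):
            findings[proc].append(("persistence", path))
        elif op in REG_READ_OPS:
            m = UNINSTALL_RE.search(path)
            if m:
                uninstall_subkeys[proc].add(m.group(1))
        elif op == "CreateFile" and WALLET_DIR_RE.search(path):
            findings[proc].append(("wallet_access", path))
    for proc, keys in uninstall_subkeys.items():
        if len(keys) >= enum_threshold:
            findings[proc].append(
                ("software_enumeration", f"{len(keys)} distinct Uninstall subkeys read"))
    return dict(findings)


if __name__ == "__main__":
    for proc, hits in detect(parse_trace(SAMPLE_TRACE)).items():
        for kind, detail in hits:
            print(f"{proc[0]}[{proc[1]}] {kind}: {detail}")
```

The threshold on distinct Uninstall subkeys is what keeps a single explorer.exe lookup or an msiexec.exe write out of the results; tune it against a baseline of legitimate inventory agents before alerting on it.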