General
Target: f3200f1fceb3c7875a3f851f6db47807a8f4bf2335dd74b898598772f20a1342
Size: 522KB
Sample: 230403-ygvfssgg88
MD5: f18f7621b71f3efe9c232ac7f12ccb18
SHA1: 43cedd83b6d0a8e0af51b7855c21bf1c11e5623c
SHA256: f3200f1fceb3c7875a3f851f6db47807a8f4bf2335dd74b898598772f20a1342
SHA512: 1a767ad53dfdf6b37554ed775d70000a2344f8275b4752103417a86e0c2615b73295cb79a3f602680bb7325392acdb72190e722d7efeb8bc73d1b3985d91a3cf
SSDEEP: 12288:WMrxy90Yxm0iQ93dPfjZx+G1qr8KK4zfzWKk37F3O:Py5mU9rxBsgKrzqKaB3O
Static task: static1
Behavioral task: behavioral1
Sample: f3200f1fceb3c7875a3f851f6db47807a8f4bf2335dd74b898598772f20a1342.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted config 1
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted config 2
Family: redline
Botnet: spora
C2: 176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071
Both extracted configs point at the same C2 endpoint and differ only in the botnet tag and auth_value, so the single host:port pair is the network IOC to block or hunt for.
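The following is an added example, not code from the report or from the sandbox that produced it. It turns the two extracted configs and the file hashes above into a checked IOC record: it splits the config text on the "Extracted" markers (taking the fields in the order the report prints them: family, botnet tag, C2 host:port, then attribute/value pairs such as auth_value), deduplicates the C2 endpoints, rejects digests of the wrong length or case before they reach a blocklist, and checks that the ssdeep block size has the 3 * 2**n form ssdeep actually produces. The input text is copied from this report; the dictionary keys are names chosen for the example.

```python
"""Parse the hashes and extracted RedLine configs from a sandbox report like
this one into a checked IOC record.  Added example, not the report's or the
sandbox's own code; CONFIG_TEXT and HASHES are copied from the report, and
the field labels (family, botnet, c2, auth_value) follow the order in which
the report prints them."""
import ipaddress
import re
from typing import Dict, List, Set, Tuple

# Extracted-config section exactly as the report lists it.
CONFIG_TEXT = """\
Extracted
redline
rosn
176.113.115.145:4125
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
spora
176.113.115.145:4125
auth_value
441b39ab37774b2ca9931c31e1bc6071
"""

# File hashes from the General section.
HASHES = {
    "md5": "f18f7621b71f3efe9c232ac7f12ccb18",
    "sha1": "43cedd83b6d0a8e0af51b7855c21bf1c11e5623c",
    "sha256": "f3200f1fceb3c7875a3f851f6db47807a8f4bf2335dd74b898598772f20a1342",
    "sha512": "1a767ad53dfdf6b37554ed775d70000a2344f8275b4752103417a86e0c2615b7"
              "3295cb79a3f602680bb7325392acdb72190e722d7efeb8bc73d1b3985d91a3cf",
}
SSDEEP = "12288:WMrxy90Yxm0iQ93dPfjZx+G1qr8KK4zfzWKk37F3O:Py5mU9rxBsgKrzqKaB3O"

HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def parse_configs(text: str) -> List[Dict[str, object]]:
    """Each 'Extracted' block is: family, botnet tag, C2 host:port, then
    attribute/value pairs (RedLine's auth_value is the one shown here)."""
    blocks: List[List[str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "-":
            continue
        if line == "Extracted":
            blocks.append([])
        elif blocks:
            blocks[-1].append(line)
    configs: List[Dict[str, object]] = []
    for block in blocks:
        if len(block) < 3:
            continue  # truncated block: nothing reliable to extract
        host, _, port = block[2].rpartition(":")
        try:
            ipaddress.ip_address(host)
            is_ip = True
        except ValueError:
            is_ip = False  # a hostname C2 still counts, it just needs resolving
        cfg: Dict[str, object] = {
            "family": block[0], "botnet": block[1],
            "c2_host": host, "c2_port": int(port), "c2_is_ip": is_ip,
        }
        attrs = block[3:]
        cfg.update(zip(attrs[0::2], attrs[1::2]))
        configs.append(cfg)
    return configs


def c2_iocs(configs: List[Dict[str, object]]) -> Set[Tuple[str, int]]:
    """Distinct C2 endpoints; both configs in this report share one."""
    return {(str(c["c2_host"]), int(c["c2_port"])) for c in configs}


def validate_hashes(hashes: Dict[str, str]) -> Dict[str, bool]:
    """A digest must be lowercase hex of the algorithm's length; anything
    else is a copy/paste error and must not reach a blocklist."""
    return {
        algo: len(value) == HEX_LEN[algo] and re.fullmatch(r"[0-9a-f]+", value) is not None
        for algo, value in hashes.items()
    }


def parse_ssdeep(sig: str) -> Tuple[int, str, str]:
    """Split 'blocksize:chunk:double_chunk' and check that the block size is
    3 * 2**n, the only form ssdeep produces (12288 = 3 * 2**12 here)."""
    blocksize, chunk, double_chunk = sig.split(":", 2)
    bs = int(blocksize)
    if bs < 3 or bs % 3 != 0 or (bs // 3) & (bs // 3 - 1) != 0:
        raise ValueError(f"invalid ssdeep block size {bs}")
    return bs, chunk, double_chunk


if __name__ == "__main__":
    print(c2_iocs(parse_configs(CONFIG_TEXT)))
    print(validate_hashes(HASHES), parse_ssdeep(SSDEEP)[0])
```

The parser keeps each config separate rather than merging them, because the botnet tag and auth_value are what distinguish two affiliates or campaigns sharing the same panel, and that is exactly the pivot an analyst wants when the C2 host is shared.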
Targets
Target: f3200f1fceb3c7875a3f851f6db47807a8f4bf2335dd74b898598772f20a1342
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Signatures matched for this target:
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application (persistence through the registry Run key)
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.