General

Target: 152c16c9812f4399210185ee3f1cda0e6c4d33ebad98617f3b648e8c710b0d4c
Size: 522KB
Sample: 230403-yhyjvaae9z
MD5: 3980f586c591f5ddef6d4a7be5548b2c
SHA1: b949b299d5c24a62d273ae9a27e9baabc87fb47c
SHA256: 152c16c9812f4399210185ee3f1cda0e6c4d33ebad98617f3b648e8c710b0d4c
SHA512: c9da6b90b7348d29273d1939933d2bddb95615b5d543757c2a0aa92089f914909d627b26a68a2c01db978abd604a8255a2519024938c1dd4864d7052e7e48ea4
SSDEEP: 12288:MMr9y90cR88h6IXyva24ii9St8rt4okzWKMRxUK1+1runbQ8FZIOc:ByzRVYFUieruoNKKF13bQ8bC
Static task: static1
Behavioral task: behavioral1
Sample: 152c16c9812f4399210185ee3f1cda0e6c4d33ebad98617f3b648e8c710b0d4c.exe
Resource: win10-20230220-en
Malware Config

Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted
Family: redline
Botnet: spora
C2: 176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets

Target: 152c16c9812f4399210185ee3f1cda0e6c4d33ebad98617f3b648e8c710b0d4c
Size: 522KB
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.