General
Target: a24db565569f81a1b0f22235d779aa025691f7f2a5173b09432baae34c286ee8
Size: 522KB
Sample: 230403-yklcasgh23
MD5: 437f9f372385aa7b3f093f643c66a6c7
SHA1: cb1bb95c9307af44af0a06cb93b6ed92f09f04ba
SHA256: a24db565569f81a1b0f22235d779aa025691f7f2a5173b09432baae34c286ee8
SHA512: 5af137b660faa10e8178cd2ba5db867c602031f084a620b926340267e397826b0e5114af3d2841ade57994181463f5cee44166b03ddf420b5dfacb7aed4ea1e7
SSDEEP: 12288:/Mruy90LCICjbOm1NTCYcSZ81G4vpzWKH64q6xXpo:Vy4m1hCYcb1vvsKa4qaX2
Static task: static1
Behavioral task: behavioral1
Sample: a24db565569f81a1b0f22235d779aa025691f7f2a5173b09432baae34c286ee8.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
spora
176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
Target: a24db565569f81a1b0f22235d779aa025691f7f2a5173b09432baae34c286ee8
Size: 522KB
MD5: 437f9f372385aa7b3f093f643c66a6c7
SHA1: cb1bb95c9307af44af0a06cb93b6ed92f09f04ba
SHA256: a24db565569f81a1b0f22235d779aa025691f7f2a5173b09432baae34c286ee8
SHA512: 5af137b660faa10e8178cd2ba5db867c602031f084a620b926340267e397826b0e5114af3d2841ade57994181463f5cee44166b03ddf420b5dfacb7aed4ea1e7
SSDEEP: 12288:/Mruy90LCICjbOm1NTCYcSZ81G4vpzWKH64q6xXpo:Vy4m1hCYcb1vvsKa4qaX2
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.