General

Target: 3eda14a59494a567e160c51cea9982dc85bbf10db1420c26cae651d2853bc3f8
Size: 658KB
Sample: 230403-ylwvesgh33
MD5: 57248c116a8af3cadc43ffa5053c608b
SHA1: bc860e875d9ab8b3fb49a9a6e29d8633aebf2b54
SHA256: 3eda14a59494a567e160c51cea9982dc85bbf10db1420c26cae651d2853bc3f8
SHA512: efb271fe4b4b5f67c526de941ddace3f7c5a199c29f2dfe7ce5c16c8842466318a8a891f6c14913ca2823889a44da661f5e828dee0f6bb09c75a9f2cc96b1308
SSDEEP: 12288:xMrxy90xBg2wGj11NyDRts1cQL4hSvvaE444lzWKZT8v0Z+/:4yGu2wCgtK5BvSER4YKo/
Static task: static1
Behavioral task: behavioral1
Sample: 3eda14a59494a567e160c51cea9982dc85bbf10db1420c26cae651d2853bc3f8.exe
Resource: win10v2004-20230221-en
Malware Config

Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted
Family: redline
Botnet: spora
C2: 176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071

Both extracted configurations point at the same C2 endpoint (176.113.115.145, TCP port 4125) and differ only in the botnet label and the auth_value used to authenticate to it, so a single network indicator covers both.
Targets

Target: 3eda14a59494a567e160c51cea9982dc85bbf10db1420c26cae651d2853bc3f8
Size: 658KB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values in the General section above (this task ran the same file).
Signatures matched by this target:
- RedLine: RedLine Stealer is a malware family written in C#, first observed in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application (persistence via a CurrentVersion\Run value)
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
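The indicators on this report (one C2 endpoint shared by two RedLine configs, Run-key persistence, Uninstall-key enumeration, dropped-EXE execution and wallet access) can be turned into a small triage check. The script below is an added example, not part of the Triage report or of any RedLine tooling: it copies the C2 and hash values from the page, encodes each listed behaviour as a pattern, and runs them over a constructed event stream in a simplified Sysmon-like shape. The event field names (`type`, `dst_ip`, `key`, `image`, `path`), the drop directories and the wallet directory names are assumptions chosen for the example, not values taken from the report; since Sysmon does not record registry reads, the Uninstall-key lookup is modelled as a sandbox API-trace event.

```python
import re

# Indicators copied from the report above (two RedLine configs, one C2, one sample).
REDLINE_CONFIGS = [
    {"botnet": "rosn", "c2": "176.113.115.145:4125",
     "auth_value": "050a19e1db4d0024b0f23b37dcf961f4"},
    {"botnet": "spora", "c2": "176.113.115.145:4125",
     "auth_value": "441b39ab37774b2ca9931c31e1bc6071"},
]
SAMPLE_SHA256 = "3eda14a59494a567e160c51cea9982dc85bbf10db1420c26cae651d2853bc3f8"

# Patterns for the report's behavioural signatures. The drop directories and
# wallet directory names are assumed examples, not lists taken from the report.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
UNINSTALL_KEY_RE = re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.I)
DROP_DIR_RE = re.compile(
    r"\\(AppData\\Local\\Temp|Windows\\Temp|ProgramData)\\[^\\]+\.exe$", re.I)
WALLET_RE = re.compile(r"\\(Exodus|Electrum|Ethereum|wallet\.dat)(\\|$)", re.I)


def c2_endpoints(configs):
    """Deduplicated (host, port) pairs; both botnets here share one endpoint."""
    endpoints = set()
    for cfg in configs:
        host, port = cfg["c2"].rsplit(":", 1)
        endpoints.add((host, int(port)))
    return endpoints


def classify(event, c2=None):
    """Map one event to the report signature names it matches (possibly none)."""
    if c2 is None:
        c2 = c2_endpoints(REDLINE_CONFIGS)
    kind = event["type"]
    hits = []
    if kind == "net_connect" and (event["dst_ip"], event["dst_port"]) in c2:
        hits.append("redline_c2")
    if kind == "proc_create" and DROP_DIR_RE.search(event["image"]):
        hits.append("dropped_exe_exec")
    if kind == "reg_set" and RUN_KEY_RE.search(event["key"]):
        hits.append("run_key_persistence")
    if kind == "reg_open" and UNINSTALL_KEY_RE.search(event["key"]):
        hits.append("installed_software_enum")
    if kind == "file_read" and WALLET_RE.search(event["path"]):
        hits.append("wallet_access")
    return hits


def triage(events, configs=REDLINE_CONFIGS):
    """Count signature hits across an event stream; an empty dict means no match."""
    c2 = c2_endpoints(configs)
    counts = {}
    for event in events:
        for sig in classify(event, c2):
            counts[sig] = counts.get(sig, 0) + 1
    return counts


# Constructed event stream (hypothetical host, paths and value names). Sysmon
# does not log registry reads, so the Uninstall lookup is modelled as an
# API-trace style "reg_open" event.
SAMPLE_EVENTS = [
    {"type": "proc_create", "image": r"C:\Users\u\AppData\Local\Temp\1.exe",
     "parent_sha256": SAMPLE_SHA256},
    {"type": "net_connect", "dst_ip": "176.113.115.145", "dst_port": 4125},
    {"type": "reg_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater",
     "data": r"C:\Users\u\AppData\Local\Temp\1.exe"},
    {"type": "reg_open",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"type": "file_read",
     "path": r"C:\Users\u\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"type": "net_connect", "dst_ip": "13.107.4.50", "dst_port": 443},  # unrelated traffic
]

if __name__ == "__main__":
    for sig, n in sorted(triage(SAMPLE_EVENTS).items()):
        print(f"{sig}: {n}")
```

The network check keys on the (host, port) pair because the two configs share it, so one endpoint set covers both botnets; the Run-key pattern requires a value name after `\Run\` so that merely opening the key does not fire, and the unrelated HTTPS connection in the sample stream is there to show that ordinary traffic produces no hit.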