General
Target: b108d266ff040cd345157a87ee564cbdafee33b26fca6c4a185c493a36f902dd
Size: 658KB
Sample: 230403-yqglasgh46
MD5: e5cf6c077a2b515db2b551a52d1fb1b4
SHA1: 33afe11fe73b246478b8be3d8efa30b62ae6c887
SHA256: b108d266ff040cd345157a87ee564cbdafee33b26fca6c4a185c493a36f902dd
SHA512: 67c8dd4e44fcc68cab8029c2bcf71308816d8ae7b1fe3b0797f0bb322ed238ff98196366442b6f2d5d5e1fd6c8e96f245e678133e3ad4627fb071e4856819b74
SSDEEP: 12288:hMrey90TkeGAU4SzbEs0PtuXyQEulYsLBsz44bzWKD/8v00ctZ:LyukxHxos0PtW/EulYUsM4GKvh
Static task: static1
Behavioral task: behavioral1
Sample: b108d266ff040cd345157a87ee564cbdafee33b26fca6c4a185c493a36f902dd.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
Family: redline
Botnet: spora
C2: 176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
Target: b108d266ff040cd345157a87ee564cbdafee33b26fca6c4a185c493a36f902dd
Size: 658KB
MD5: e5cf6c077a2b515db2b551a52d1fb1b4
SHA1: 33afe11fe73b246478b8be3d8efa30b62ae6c887
SHA256: b108d266ff040cd345157a87ee564cbdafee33b26fca6c4a185c493a36f902dd
SHA512: 67c8dd4e44fcc68cab8029c2bcf71308816d8ae7b1fe3b0797f0bb322ed238ff98196366442b6f2d5d5e1fd6c8e96f245e678133e3ad4627fb071e4856819b74
SSDEEP: 12288:hMrey90TkeGAU4SzbEs0PtuXyQEulYsLBsz44bzWKD/8v00ctZ:LyukxHxos0PtW/EulYUsM4GKvh
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application (registry-based persistence, so the payload is relaunched at logon)
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
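The indicators this report exposes are the extracted C2 endpoint and auth_values, the sample hashes, and the Run key persistence signature. The script below is an added example (not Triage output and not code from the sample) that turns them into hunt logic run over constructed Sysmon-style events: EventID 1 with a Hashes field, EventID 13 Run/RunOnce value writes, and EventID 3 network connections. The event records, the file path b108d266.exe, and the "user-writable path means higher severity" heuristic are assumptions made for illustration; only the C2, the two auth_values and the SHA256 come from the report.

```python
"""Hunt for the behaviours this report flags, over constructed Sysmon-style events.

Added example: this is not Triage output and not code from the sample. The
event records are constructed for illustration and follow Sysmon's field
names; only the C2 endpoint, auth_values and SHA256 come from the report above.
"""

# Indicators copied from the report: extracted RedLine configs and the sample hash.
REDLINE_C2 = {("176.113.115.145", 4125)}
REDLINE_AUTH_VALUES = {
    "050a19e1db4d0024b0f23b37dcf961f4",  # botnet "rosn"
    "441b39ab37774b2ca9931c31e1bc6071",  # botnet "spora"
}
SAMPLE_SHA256 = "b108d266ff040cd345157a87ee564cbdafee33b26fca6c4a185c493a36f902dd"

# Registry paths that make an executable start at logon (under HKLM or HKU/HKCU).
RUN_KEY_MARKERS = (
    "\\microsoft\\windows\\currentversion\\run\\",
    "\\microsoft\\windows\\currentversion\\runonce\\",
)
# Heuristic (assumption, not from the report): a Run value pointing into a
# user-writable directory is far more suspicious than one under Program Files.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")

SAMPLE_PATH = "C:\\Users\\victim\\AppData\\Local\\Temp\\b108d266.exe"  # constructed

# Constructed events: EventID 1 (ProcessCreate), 13 (RegistryEvent value set), 3 (NetworkConnect).
EVENTS = [
    {"EventID": 1, "Image": SAMPLE_PATH,
     "Hashes": "MD5=e5cf6c077a2b515db2b551a52d1fb1b4,SHA256=" + SAMPLE_SHA256},
    {"EventID": 13, "Image": SAMPLE_PATH,
     "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
     "Details": SAMPLE_PATH},
    {"EventID": 13, "Image": "C:\\Program Files\\Vendor\\setup.exe",
     "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\VendorAgent",
     "Details": "C:\\Program Files\\Vendor\\agent.exe"},
    {"EventID": 3, "Image": SAMPLE_PATH, "Protocol": "tcp",
     "DestinationIp": "176.113.115.145", "DestinationPort": 4125},
    {"EventID": 3, "Image": "C:\\Windows\\System32\\svchost.exe", "Protocol": "tcp",
     "DestinationIp": "13.107.4.50", "DestinationPort": 443},
]


def parse_hashes(field):
    """Turn Sysmon's 'MD5=..,SHA256=..' string into a dict keyed by algorithm."""
    out = {}
    for part in field.split(","):
        algo, _, digest = part.partition("=")
        if digest:
            out[algo.strip().upper()] = digest.strip().lower()
    return out


def check_process_event(ev):
    """Flag execution of the exact sample from this report by SHA256."""
    if ev.get("EventID") != 1:
        return None
    if parse_hashes(ev.get("Hashes", "")).get("SHA256") == SAMPLE_SHA256:
        return f"HIGH: known RedLine sample executed: {ev['Image']}"
    return None


def check_registry_event(ev):
    """Flag Run/RunOnce value writes; rank by where the persisted binary lives."""
    if ev.get("EventID") != 13:
        return None
    target = ev.get("TargetObject", "").lower()
    if not any(m in target for m in RUN_KEY_MARKERS):
        return None
    details = ev.get("Details", "")
    if any(p in details.lower() for p in USER_WRITABLE):
        return f"HIGH: Run key {ev['TargetObject']} -> {details} (set by {ev['Image']})"
    return f"INFO: Run key {ev['TargetObject']} -> {details} (set by {ev['Image']})"


def check_network_event(ev):
    """Flag any process connecting to the C2 extracted from the sample's config."""
    if ev.get("EventID") != 3:
        return None
    dst = (ev.get("DestinationIp"), int(ev.get("DestinationPort", 0)))
    if dst in REDLINE_C2:
        return f"HIGH: {ev['Image']} connected to RedLine C2 {dst[0]}:{dst[1]}"
    return None


def config_overlap(cfg):
    """Pivot: which indicators does another sample's extracted config share with this report?"""
    shared = []
    if (cfg.get("c2_ip"), cfg.get("c2_port")) in REDLINE_C2:
        shared.append("c2")
    if cfg.get("auth_value") in REDLINE_AUTH_VALUES:
        shared.append("auth_value")
    return shared


def hunt(events):
    """Run every check over every event; return findings in event order."""
    findings = []
    for ev in events:
        for check in (check_process_event, check_registry_event, check_network_event):
            hit = check(ev)
            if hit:
                findings.append(hit)
    return findings


if __name__ == "__main__":
    for line in hunt(EVENTS):
        print(line)
```

The Run key check deliberately reports every Run/RunOnce write at INFO and only promotes writes whose target lives under AppData, Temp, Public or ProgramData, which is where an unprivileged stealer like this sample drops itself; a vendor installer writing a Run value under Program Files stays at INFO. config_overlap is the pivot you would apply to other RedLine configs: a shared C2 or a shared auth_value ties samples to the same operator even when the hashes differ. Note that the Uninstall key enumeration from the signature list is a registry read, which Sysmon does not record, so it is only visible in the sandbox's API trace, not in this kind of host telemetry.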