General
-
Target
17669aebf7908470beaf891b026faefc60be64ddeca822a10a62697357a8f95d
-
Size
522KB
-
Sample
230403-yxwc2aaf9t
-
MD5
1d4b06de21837c4bc37ee379e1360529
-
SHA1
8be9357037567a0c9524e13246d2e6d8a60b668f
-
SHA256
17669aebf7908470beaf891b026faefc60be64ddeca822a10a62697357a8f95d
-
SHA512
53ab1635c932d6e2ee639422dc09f9bff839fbb225fa68f9a00b47b4e20f5cadd95ee073ea592a219319afd79a3ef348fe41173554663bf639fa3580794561a9
-
SSDEEP
12288:bMrvy90wbReKKcv0DfjXiOpf8kP4HrzWK6hWWM9THx8OhHND:4yBgcsr2OOkQHWK60THxvp
Static task
static1
Behavioral task
behavioral1
Sample
17669aebf7908470beaf891b026faefc60be64ddeca822a10a62697357a8f95d.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
spora
176.113.115.145:4125
-
auth_value
441b39ab37774b2ca9931c31e1bc6071
Targets
-
-
Target
17669aebf7908470beaf891b026faefc60be64ddeca822a10a62697357a8f95d
-
Size
522KB
-
MD5
1d4b06de21837c4bc37ee379e1360529
-
SHA1
8be9357037567a0c9524e13246d2e6d8a60b668f
-
SHA256
17669aebf7908470beaf891b026faefc60be64ddeca822a10a62697357a8f95d
-
SHA512
53ab1635c932d6e2ee639422dc09f9bff839fbb225fa68f9a00b47b4e20f5cadd95ee073ea592a219319afd79a3ef348fe41173554663bf639fa3580794561a9
-
SSDEEP
12288:bMrvy90wbReKKcv0DfjXiOpf8kP4HrzWK6hWWM9THx8OhHND:4yBgcsr2OOkQHWK60THxvp
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-