General
Target: f4d1b036c3618815c4a2595d5361f058921f1d31a4f25170d1d98a2872346baf
Size: 522KB
Sample: 230403-za3z2aha63
MD5: d396e253c892886611acd1cde94f75e7
SHA1: 1b6ccdb70dbc3b1e246edd4a2ebb03453637cfe3
SHA256: f4d1b036c3618815c4a2595d5361f058921f1d31a4f25170d1d98a2872346baf
SHA512: 3da940adce815e9db8a71c88f5870bff6764eddb023212a160f97f9f84304e0b2e3843a2e0e54012eaede0c4f1bf97f48335c9a4d48891e15dd6e7d3edf68aad
SSDEEP: 12288:GMr5y90WfOC61sZ2Zg/FMZUCii8XJ4omzWPQlQuMzd+ruB7GiA:Py7fOn/g/uZHiXiofPYQnYaBBA

Tasks
Static task: static1
Behavioral task: behavioral1
Sample: f4d1b036c3618815c4a2595d5361f058921f1d31a4f25170d1d98a2872346baf.exe
Resource: win10-20230220-en
Malware Config
Extracted config 1
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted config 2
Family: redline
Botnet: spora
C2: 176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
Target: f4d1b036c3618815c4a2595d5361f058921f1d31a4f25170d1d98a2872346baf
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.