General
Target: a1a52614d5705f1996f7b60a241974df885e01bcec447c4db5e319adf78bbec4
Size: 659KB
Sample: 230403-zhmb9aah3s
MD5: 45232796ac84ff9b81317c2d3683b717
SHA1: 8f0ad692f050a3c09320c5e06211dbe5f62f75d4
SHA256: a1a52614d5705f1996f7b60a241974df885e01bcec447c4db5e319adf78bbec4
SHA512: c13c372bf383656d03b9e7f245f020409dceb193a999c79c204c6c919297987678dbbda00b67cca464b4a53100298839dd62e000789565f3ef06b4eaff7cb204
SSDEEP: 12288:7Mruy90JonDXNj5T0b9FptIbtQZMtnQgOb0ZqLk44WzWKCZ8vW0z/kSrCh:5yContWZtStQ+N2fL14PKCSro
Static task: static1
Behavioral task: behavioral1
Sample: a1a52614d5705f1996f7b60a241974df885e01bcec447c4db5e319adf78bbec4.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
spora
176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.