General
-
Target
bb4f6e0d520a7d77373243afbce98cba3fee63a57a622371c79b94e590b5a6f9
-
Size
658KB
-
Sample
230403-zrhenahb48
-
MD5
c1ab87257b7d4d203243eb9050fafc4e
-
SHA1
0035365e55ba34ba7b2e8ce296dbe61760999148
-
SHA256
bb4f6e0d520a7d77373243afbce98cba3fee63a57a622371c79b94e590b5a6f9
-
SHA512
2a4f7d91ff9720b6841eeba8a9e04faeef0af42241d02df88c726ab66ae2116871959daf85b9c846548848aa248732fc7cd4fc0f2c84a89487a9ea73889c0f58
-
SSDEEP
12288:FMrey90TVErXhJ6oMuQK+t1bDQE53MzRlfee44MzWKim8v/xJzd:3y0urz6oxQNthMWGeX4FKwJzd
Static task
static1
Behavioral task
behavioral1
Sample
bb4f6e0d520a7d77373243afbce98cba3fee63a57a622371c79b94e590b5a6f9.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
spora
176.113.115.145:4125
-
auth_value
441b39ab37774b2ca9931c31e1bc6071
Targets
-
-
Target
bb4f6e0d520a7d77373243afbce98cba3fee63a57a622371c79b94e590b5a6f9
-
Size
658KB
-
MD5
c1ab87257b7d4d203243eb9050fafc4e
-
SHA1
0035365e55ba34ba7b2e8ce296dbe61760999148
-
SHA256
bb4f6e0d520a7d77373243afbce98cba3fee63a57a622371c79b94e590b5a6f9
-
SHA512
2a4f7d91ff9720b6841eeba8a9e04faeef0af42241d02df88c726ab66ae2116871959daf85b9c846548848aa248732fc7cd4fc0f2c84a89487a9ea73889c0f58
-
SSDEEP
12288:FMrey90TVErXhJ6oMuQK+t1bDQE53MzRlfee44MzWKim8v/xJzd:3y0urz6oxQNthMWGeX4FKwJzd
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-