General
Target: b206052b5c76467276c648bec011ab9d412819b5d5ee7e7068e768259fcc1e65
Size: 657KB
Sample: 230403-zynv1sah9w
MD5: 105a944771c98272cb9b0e62bd36e112
SHA1: ab720c6d94ad77f494c0e08e20cecd9cdeb0dc52
SHA256: b206052b5c76467276c648bec011ab9d412819b5d5ee7e7068e768259fcc1e65
SHA512: ac4be2ade414c2166b788197fe773619b3a16d28ad38c9216ab2beb520896fd5fc89b8032d72112cd9ab2e47e2fcee76904226e49307498a659a6cd02638c47a
SSDEEP: 12288:QMr+y90EEq5CxOSO0GoAhztINg5+VLt8U0tOFO44lzWKQE8vOCxYj:+ygq5CxOLPRtH+VhA4Fn4YK6xw
Static task: static1
Behavioral task: behavioral1
Sample: b206052b5c76467276c648bec011ab9d412819b5d5ee7e7068e768259fcc1e65.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
Family: redline
Botnet: spora
C2: 176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071
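The two extracted configs share one C2 endpoint (176.113.115.145:4125) and differ only in botnet name and auth_value, so for network hunting they collapse to a single indicator. The script below is an added example, not part of the sandbox report: it takes the page's configs and sample hashes and runs them over constructed Zeek conn.log rows and a constructed file-hash inventory. It assumes the default conn.log column order (ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto); the log rows, the file paths and the benign placeholder digest are constructed, not observed data.

```python
"""IOC hunting against this report's extracted RedLine configs and sample hashes.

Added example, not part of the sandbox report. The config dicts and hashes mirror
the page; the conn.log rows and the file inventory are constructed sample input.
"""
from typing import Dict, Iterable, List, Set, Tuple

# Both extracted configs as listed on the page. They share a C2 and differ only in
# botnet name and auth_value, so the network indicator set collapses to one endpoint.
REDLINE_CONFIGS: List[Dict[str, str]] = [
    {"family": "redline", "botnet": "rosn", "c2": "176.113.115.145:4125",
     "auth_value": "050a19e1db4d0024b0f23b37dcf961f4"},
    {"family": "redline", "botnet": "spora", "c2": "176.113.115.145:4125",
     "auth_value": "441b39ab37774b2ca9931c31e1bc6071"},
]

# MD5, SHA1 and SHA256 of the sample from the General section, lower-cased.
SAMPLE_HASHES: Set[str] = {
    "105a944771c98272cb9b0e62bd36e112",
    "ab720c6d94ad77f494c0e08e20cecd9cdeb0dc52",
    "b206052b5c76467276c648bec011ab9d412819b5d5ee7e7068e768259fcc1e65",
}


def c2_endpoints(configs: Iterable[Dict[str, str]]) -> Set[Tuple[str, int]]:
    """Unique (host, port) pairs across all extracted configs."""
    endpoints = set()
    for cfg in configs:
        host, _, port = cfg["c2"].rpartition(":")
        endpoints.add((host, int(port)))
    return endpoints


def scan_conn_log(rows: Iterable[str], endpoints: Set[Tuple[str, int]]) -> List[Tuple[str, str, str, int, str]]:
    """Match Zeek conn.log rows against the C2 endpoints.

    Assumes the default column order: ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto ...
    A host+port match is reported as "exact"; traffic to the C2 host on another port is
    still worth a look and is reported as "host-only".
    """
    hosts = {h for h, _ in endpoints}
    hits = []
    for row in rows:
        if not row or row.startswith("#"):  # skip Zeek header/comment lines
            continue
        f = row.split("\t")
        if len(f) < 7:
            continue
        ts, orig_h, resp_h, resp_p = f[0], f[2], f[4], int(f[5])
        if (resp_h, resp_p) in endpoints:
            hits.append((ts, orig_h, resp_h, resp_p, "exact"))
        elif resp_h in hosts:
            hits.append((ts, orig_h, resp_h, resp_p, "host-only"))
    return hits


def scan_hashes(inventory: Iterable[Tuple[str, str]], known: Set[str]) -> List[Tuple[str, str]]:
    """Match (path, hexdigest) pairs against known hashes, ignoring digest case."""
    return [(path, digest.lower()) for path, digest in inventory if digest.lower() in known]


# Constructed input: one benign connection, one to the C2, one to the C2 host on 443.
SAMPLE_CONN_LOG = [
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto",
    "1680555000.1\tCx1\t10.0.0.5\t51002\t93.184.216.34\t443\ttcp",
    "1680555003.7\tCx2\t10.0.0.5\t51010\t176.113.115.145\t4125\ttcp",
    "1680555004.2\tCx3\t10.0.0.5\t51011\t176.113.115.145\t443\ttcp",
]
# Constructed inventory: the sample under its SHA256 name, plus a benign file with a placeholder digest.
SAMPLE_INVENTORY = [
    (r"C:\Users\user\Downloads\b206052b5c76467276c648bec011ab9d412819b5d5ee7e7068e768259fcc1e65.exe",
     "B206052B5C76467276C648BEC011AB9D412819B5D5EE7E7068E768259FCC1E65"),
    (r"C:\Windows\System32\notepad.exe", "0" * 64),
]

if __name__ == "__main__":
    endpoints = c2_endpoints(REDLINE_CONFIGS)
    for hit in scan_conn_log(SAMPLE_CONN_LOG, endpoints):
        print("C2 traffic (%s): %s -> %s:%d at %s" % (hit[4], hit[1], hit[2], hit[3], hit[0]))
    for path, digest in scan_hashes(SAMPLE_INVENTORY, SAMPLE_HASHES):
        print("known sample on disk:", path, digest)
```

The host-only tier is deliberate: a stealer C2 host often serves the panel or other builds on different ports, so traffic to the same address on 443 is a lead even though it is not the configured endpoint. Hash matching is exact by design; a repacked build will not match MD5/SHA1/SHA256 and needs the SSDEEP value or behavioural signatures instead.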
Targets
Target: b206052b5c76467276c648bec011ab9d412819b5d5ee7e7068e768259fcc1e65
Size: 657KB
MD5: 105a944771c98272cb9b0e62bd36e112
SHA1: ab720c6d94ad77f494c0e08e20cecd9cdeb0dc52
SHA256: b206052b5c76467276c648bec011ab9d412819b5d5ee7e7068e768259fcc1e65
SHA512: ac4be2ade414c2166b788197fe773619b3a16d28ad38c9216ab2beb520896fd5fc89b8032d72112cd9ab2e47e2fcee76904226e49307498a659a6cd02638c47a
SSDEEP: 12288:QMr+y90EEq5CxOSO0GoAhztINg5+VLt8U0tOFO44lzWKQE8vOCxYj:+ygq5CxOLPRtH+VhA4Fn4YK6xw
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
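Two of the behaviours above are registry-based: the Run key write for persistence and the Uninstall key lookup used to enumerate installed software. Sysmon records Run key value writes (Event ID 13) but does not log registry reads, so the Uninstall enumeration leaves no Sysmon trace; a registry export (reg export, or a hive pulled from an image) is the practical place to check both. The script below is an added example, not the sandbox's or RedLine's code: it parses reg export text (REG_SZ values only), lists what the Uninstall key reveals to whoever reads it, and flags Run entries that launch from user-writable paths. The export text, the product entries and the svc.exe path are constructed for the example and are not artifacts of this sample.

```python
"""Offline triage of a registry export for Run-key persistence and Uninstall-key enumeration.

Added example, not code from the sandbox or from RedLine. It parses the text that
`reg export` produces (REG_SZ values only; dword/hex values are skipped). The export
below is constructed and the svc.exe path is hypothetical, not an artifact of this sample.
"""
import re
from typing import Dict, List, Tuple

RUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce)$", re.IGNORECASE)
UNINSTALL_ENTRY_RE = re.compile(r"\\CurrentVersion\\Uninstall\\[^\\]+$", re.IGNORECASE)
# Locations a standard user can write to; an autostart launched from here warrants a look.
USER_WRITABLE_RE = re.compile(r"\\(AppData|ProgramData|Temp|Users\\[^\\]+\\Downloads)\\", re.IGNORECASE)
VALUE_LINE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key_path: {value_name: data}} for the REG_SZ values in a .reg export."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        m = VALUE_LINE_RE.match(line)
        if m is None or current is None:
            continue
        name = m.group(1) if m.group(1) is not None else "(Default)"
        data = m.group(2)
        if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            # REG_SZ: strip the quotes and undo the \\ and \" escaping used by reg export
            keys[current][name] = re.sub(r'\\(["\\])', r"\1", data[1:-1])
        # dword:..., hex:..., hex(2):... (REG_DWORD, REG_BINARY, REG_EXPAND_SZ) are not needed here
    return keys


def installed_software(keys: Dict[str, Dict[str, str]]) -> List[Tuple[str, str]]:
    """What the Uninstall key reveals: (DisplayName, DisplayVersion) per product subkey.
    Subkeys without a DisplayName (patches, components) are skipped, as Add/Remove Programs does."""
    found = []
    for path, values in keys.items():
        if UNINSTALL_ENTRY_RE.search(path) and "DisplayName" in values:
            found.append((values["DisplayName"], values.get("DisplayVersion", "")))
    return sorted(found)


def suspicious_run_entries(keys: Dict[str, Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Run/RunOnce values whose command launches from a user-writable directory."""
    flagged = []
    for path, values in keys.items():
        if not RUN_KEY_RE.search(path):
            continue
        for name, command in values.items():
            if USER_WRITABLE_RE.search(command):
                flagged.append((path, name, command))
    return flagged


# Constructed export: one system autostart, one persistence entry under AppData,
# two products, and one update entry without a DisplayName.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="\"C:\\Windows\\system32\\SecurityHealthSystray.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Users\\user\\AppData\\Roaming\\updater\\svc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip]
"DisplayName"="7-Zip 22.01 (x64)"
"DisplayVersion"="22.01"
"NoModify"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11111111-2222-3333-4444-555555555555}]
"DisplayName"="Some product"
"DisplayVersion"="1.0.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB0000000]
"ParentDisplayName"="Some product"
'''

if __name__ == "__main__":
    keys = parse_reg_export(SAMPLE_EXPORT)
    for name, version in installed_software(keys):
        print("installed:", name, version)
    for path, name, command in suspicious_run_entries(keys):
        print("autostart from user-writable path: [%s] %s = %s" % (path, name, command))
```

reg export writes UTF-16LE with a BOM, so read a real file with `open(path, encoding="utf-16")` before passing it in. The user-writable filter is a triage cut, not a verdict: per-user installs of legitimate software also autostart from AppData, so review the flagged commands against the dropped-file list from the sandbox run rather than acting on the path alone.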