General
Target: b917acc11bde080ad083210079ce978cf4d19b016a56148df44a49fc37fed34b
Size: 677KB
Sample: 230405-ek3rssdf21
MD5: b851d75f35fa92846fa11daa164f5655
SHA1: 4b4189a0481c58544dbe4826ca80c4f34ca552b3
SHA256: b917acc11bde080ad083210079ce978cf4d19b016a56148df44a49fc37fed34b
SHA512: 1b25e330a5bf7b8fc6bdb8e76d5a0a5210c943fb952b93c3c678fe4f8725c02650031eaa8cd84a8aad9a8d00803276ddaefe75d0689c1b5a5504b3f9880127fb
SSDEEP: 12288:ZMrUy90O6UocJ15NmPrgbVj6T3tby6DUOsXggMPWvGItJf/z:pyf6U115Nmze020U/ggM+jtx/z
Static task: static1
Behavioral task: behavioral1 (sample b917acc11bde080ad083210079ce978cf4d19b016a56148df44a49fc37fed34b.exe, resource win7-20230220-en)
Behavioral task: behavioral2 (sample b917acc11bde080ad083210079ce978cf4d19b016a56148df44a49fc37fed34b.exe, resource win10-20230220-en)
Malware Config
Extracted: redline
Botnet ID: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
Botnet ID: spora
C2: 176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071
Two RedLine configurations were recovered from this sample. Both point at the same C2 endpoint (176.113.115.145, TCP port 4125) but carry different botnet IDs and different auth values, which is what two separately built RedLine payloads bundled into one dropper look like. The auth_value is the per-build authorization token the bot presents to its C2, not a hash of any file, so treat the IP:port, both botnet IDs and both auth values as indicators in their own right; the botnet ID and auth value are also the strings to look for in process memory if a host is suspected of running this build.
Targets
Target: b917acc11bde080ad083210079ce978cf4d19b016a56148df44a49fc37fed34b (677KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- RedLine
RedLine Stealer is a .NET information stealer written in C#, first seen in early 2020 and sold as a subscription service; it collects browser credentials, cookies and autofill data, cryptocurrency wallet files and details of installed software, and reports to a C2 over TCP.
- RedLine payload
A RedLine payload was detected in this sample.
- Executes dropped EXE
- Loads dropped DLL
Together with the two extracted configurations, this indicates the sample acts as a loader that writes further executables to disk and runs them rather than being a single RedLine build.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
Persistence through a value under Software\Microsoft\Windows\CurrentVersion\Run (HKCU or HKLM). The report does not name the value or the path it points to, so hunt on the key rather than on a filename.
- Checks installed software on the system
Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, plus the WOW6432Node mirror on 64-bit hosts) to enumerate software on the system. This is a read-only registry access: Sysmon logs only key and value creation, deletion, modification and renames, so on a production host this behaviour is visible only with object-access auditing (Security event 4663) enabled on that key, or in a sandbox trace like this one.
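The Malware Config block above and the behavioural signatures in this list can be turned into a small, testable detection set. The following is an added example of my own, not code from the sandbox or the report: it copies the report's hashes, C2 endpoint, botnet IDs and auth values into constants and runs them over a handful of constructed log records shaped like a Sysmon process-create event (with its Hashes field), a Sysmon registry event, a Security 4663 object-access event and two Zeek conn.log rows. None of the records were captured from the sample; the field names follow those log formats, but the SIDs, hostnames, file paths and the second IP are invented, and the 4663 record assumes registry object-access auditing is enabled on the Uninstall key (it is off by default). The memory-scan helper relies on RedLine being .NET, whose strings sit in memory as UTF-16LE.

```python
"""Added example (not part of the sandbox report): the report's hashes, extracted
RedLine C2/botnet/auth_value fields and behavioural signatures as a small IOC
set, run over constructed log records."""
import re
from typing import Dict, Iterable, List, Set

# Indicators copied from the report.
REPORT_SHA256 = "b917acc11bde080ad083210079ce978cf4d19b016a56148df44a49fc37fed34b"
REPORT_MD5 = "b851d75f35fa92846fa11daa164f5655"
C2_ENDPOINTS = {("176.113.115.145", 4125)}
BOTNET_IDS = {"rosn", "spora"}
AUTH_VALUES = {"050a19e1db4d0024b0f23b37dcf961f4", "441b39ab37774b2ca9931c31e1bc6071"}

# Registry locations named by the report's signatures.
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
UNINSTALL_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\b", re.I)
HASH_FIELD_RE = re.compile(r"(MD5|SHA1|SHA256)=([0-9A-Fa-f]+)")


def check_event(ev: Dict) -> List[str]:
    """Return the IOC/behaviour names one event matches (empty list if none)."""
    hits: List[str] = []
    src, eid = ev.get("source"), ev.get("EventID")
    if src == "zeek_conn":
        if (ev.get("id.resp_h"), ev.get("id.resp_p")) in C2_ENDPOINTS:
            hits.append("redline_c2_connection")
    elif src == "sysmon" and eid == 1:
        # Sysmon writes hashes upper-case; the report lists them lower-case.
        for algo, value in HASH_FIELD_RE.findall(ev.get("Hashes", "")):
            if (algo, value.lower()) in (("SHA256", REPORT_SHA256), ("MD5", REPORT_MD5)):
                hits.append("known_sample_hash")
                break
    elif src == "sysmon" and eid in (12, 13):
        if RUN_KEY_RE.search(ev.get("TargetObject", "")):
            hits.append("run_key_persistence")
    elif src == "security" and eid == 4663:
        # Sysmon never logs registry reads, so enumeration of the Uninstall key is only
        # visible if object-access auditing on that key is enabled (assumed here).
        if UNINSTALL_KEY_RE.search(ev.get("ObjectName", "")):
            hits.append("installed_software_enumeration")
    return hits


def triage(events: Iterable[Dict]) -> Dict[str, List[str]]:
    """Map each matched IOC/behaviour to the ids of the events that triggered it."""
    findings: Dict[str, List[str]] = {}
    for ev in events:
        for name in check_event(ev):
            findings.setdefault(name, []).append(ev["id"])
    return findings


def config_strings_in_memory(blob: bytes) -> Set[str]:
    """Botnet IDs / auth values present in a process memory blob.
    RedLine is .NET, so its config strings are held in memory as UTF-16LE."""
    return {s for s in BOTNET_IDS | AUTH_VALUES if s.encode("utf-16-le") in blob}


# Constructed records (not captured from the sample): a Sysmon process-create event,
# a Sysmon registry value-set event, a Security 4663 event and two Zeek conn.log rows.
# Only the hashes and the C2 address come from the report; everything else is made up.
SAMPLE_EVENTS = [
    {"id": "e1", "source": "sysmon", "EventID": 1,
     "Image": "C:\\Users\\victim\\Downloads\\" + REPORT_SHA256 + ".exe",
     "Hashes": "MD5=" + REPORT_MD5.upper() + ",SHA256=" + REPORT_SHA256.upper()},
    {"id": "e2", "source": "sysmon", "EventID": 13,
     "TargetObject": "HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater",
     "Details": "C:\\Users\\victim\\AppData\\Local\\Temp\\updater.exe"},
    {"id": "e3", "source": "security", "EventID": 4663,
     "ObjectName": "\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall",
     "AccessMask": "0x8"},
    {"id": "e4", "source": "zeek_conn", "id.orig_h": "10.0.0.15",
     "id.resp_h": "176.113.115.145", "id.resp_p": 4125, "proto": "tcp"},
    {"id": "e5", "source": "zeek_conn", "id.orig_h": "10.0.0.15",
     "id.resp_h": "203.0.113.7", "id.resp_p": 443, "proto": "tcp"},
]

# Constructed memory blob: one botnet ID and one auth_value as UTF-16LE amid filler.
SAMPLE_MEMORY = (b"\x00" * 8 + "rosn".encode("utf-16-le") + b"filler\x00"
                 + "050a19e1db4d0024b0f23b37dcf961f4".encode("utf-16-le") + b"\x00" * 8)

if __name__ == "__main__":
    for name, ids in triage(SAMPLE_EVENTS).items():
        print(f"{name}: {', '.join(ids)}")
    print("config strings in memory:", sorted(config_strings_in_memory(SAMPLE_MEMORY)))
```

Matching on the C2 IP:port alone will age quickly; the botnet ID and auth_value strings in memory tie a running process to this specific build even after the C2 moves. The Run key rule deliberately matches on the key path rather than a value name, since the report does not record which name the sample used.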