General

Target: 236d6964559a3592d32a2b760c8353363b0a51d5c54db2b012b32492415e4a15
Size: 752KB
Sample: 230328-17dxvafc8z
MD5: 190c07a589e581e8ba109bb55a417846
SHA1: 461a37717de409dd71132a2d18edc38c381b4c13
SHA256: 236d6964559a3592d32a2b760c8353363b0a51d5c54db2b012b32492415e4a15
SHA512: 920cea6836456ad551f364c70062a1b3fc23994d5b5986cc55d5ca10b70be56b61db7d3417f10f7c002fe57ca99b1cfa14f20f07ddd905c01d118295ef895b8f
SSDEEP: 12288:y6loBKUk8OW2YlksgdmkmpdMWzsVcS5AzTVyOv6swiiF2jq:B0KUFOeQb+dMWAtCzTsFswiBq
Static task: static1

Behavioral task: behavioral1
Sample: 236d6964559a3592d32a2b760c8353363b0a51d5c54db2b012b32492415e4a15.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: 236d6964559a3592d32a2b760c8353363b0a51d5c54db2b012b32492415e4a15.exe
Resource: win10-20230220-en
Malware Config

Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted
Family: redline
Botnet: muse
C2: 176.113.115.145:4125
auth_value: b91988a63a24940038d9262827a5320c

Both extracted configurations point at the same C2 endpoint (176.113.115.145, TCP port 4125) and differ only in the botnet label and the auth_value, so the host:port pair is the indicator to block or hunt for, while each auth_value is a config-level pivot for finding other builds that share it.
Targets

Target: 236d6964559a3592d32a2b760c8353363b0a51d5c54db2b012b32492415e4a15 (752KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
Signatures:
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
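As an added example (not part of the sandbox report or of any vendor tooling), the Python below parses the Malware Config block above into indicators and sweeps a small set of host events for two of the behaviours the signature list flags: the connection to the extracted C2 and the Run-key persistence. The event records and their field names are constructed and are an assumption loosely modelled on Sysmon event IDs 3 (network connect) and 13 (registry value set); nothing in them comes from the report beyond the C2 address.

```python
"""Added example (not part of the sandbox report or any vendor tool):
turn the extracted RedLine config into indicators and sweep host events
for the C2 connection and Run-key persistence the report flags.
Event field names are an assumption loosely modelled on Sysmon EID 3/13;
the events themselves are constructed."""
import re
from dataclasses import dataclass

# Verbatim copy of the "Malware Config / Extracted" block from this report.
EXTRACTED_CONFIG = """
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
muse
176.113.115.145:4125
-
auth_value
b91988a63a24940038d9262827a5320c
"""

C2_RE = re.compile(r"^([A-Za-z0-9.-]+):(\d{1,5})$")
HEX32_RE = re.compile(r"^[0-9a-f]{32}$")
# Matches both per-user (HKU\<sid>\...) and machine-wide (HKLM\...) Run keys.
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)


@dataclass(frozen=True)
class RedLineConfig:
    family: str
    botnet: str
    c2_host: str
    c2_port: int
    auth_value: str


def parse_extracted(text):
    """Parse the flattened report text into one RedLineConfig per 'Extracted'
    record.  Layout as on the page: family, botnet label, host:port, a '-'
    separator, the literal 'auth_value', then the 32-hex-character value."""
    configs = []
    for chunk in re.split(r"^Extracted$", text, flags=re.M):
        lines = [ln.strip() for ln in chunk.splitlines() if ln.strip() and ln.strip() != "-"]
        if not lines:
            continue
        if len(lines) != 5 or lines[3] != "auth_value":
            raise ValueError(f"unexpected record layout: {lines}")
        family, botnet, c2, _, value = lines
        m = C2_RE.match(c2)
        if not m or not 0 < int(m.group(2)) < 65536 or not HEX32_RE.match(value):
            raise ValueError(f"malformed C2 or auth_value in record: {lines}")
        configs.append(RedLineConfig(family, botnet, m.group(1), int(m.group(2)), value))
    return configs


def c2_endpoints(configs):
    """Distinct (host, port) pairs; both records in this report share one."""
    return {(c.c2_host, c.c2_port) for c in configs}


# Constructed events (not from the report): one connection to the extracted
# C2, one benign DNS lookup, one Run-key value written by the sample.
SAMPLE_EVENTS = [
    {"event_id": 3, "image": r"C:\Users\user\Desktop\sample.exe",
     "dest_ip": "176.113.115.145", "dest_port": 4125},
    {"event_id": 3, "image": r"C:\Windows\System32\svchost.exe",
     "dest_ip": "8.8.8.8", "dest_port": 53},
    {"event_id": 13, "image": r"C:\Users\user\Desktop\sample.exe",
     "target_object": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "details": r"C:\Users\user\AppData\Roaming\updater.exe"},
]


def hunt(events, configs):
    """Return (rule, image, evidence) for every event that matches an indicator."""
    endpoints = c2_endpoints(configs)
    hits = []
    for ev in events:
        if ev["event_id"] == 3 and (ev["dest_ip"], ev["dest_port"]) in endpoints:
            hits.append(("redline_c2_connect", ev["image"],
                         f"{ev['dest_ip']}:{ev['dest_port']}"))
        elif ev["event_id"] == 13 and RUN_KEY_RE.search(ev["target_object"]):
            hits.append(("run_key_persistence", ev["image"], ev["details"]))
    return hits


if __name__ == "__main__":
    cfgs = parse_extracted(EXTRACTED_CONFIG)
    for c in cfgs:
        print(f"{c.family} botnet={c.botnet} c2={c.c2_host}:{c.c2_port} auth_value={c.auth_value}")
    for hit in hunt(SAMPLE_EVENTS, cfgs):
        print(hit)
```

Two caveats when using this against real telemetry: Sysmon records registry writes (event IDs 12 to 14) but not reads, so the "Checks installed software" behaviour (Uninstall-key enumeration) will not appear there and has to be taken from the sandbox's API or registry trace instead; and the Run-key pattern above deliberately does not match RunOnce or Wow6432Node paths, so extend it if your environment needs those covered.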