General
- Target: 5b2109b80afde95e19b1bd5a5bf3b97feda3b63d3f1765b0d8778d509aa76f6f
- Size: 749KB
- Sample: 230328-1cmlhafb6x
- MD5: 67579dd3d907f844d4235868a8b8fde8
- SHA1: 7aec509347e266db7d2854acecc9cd2eb53ad65b
- SHA256: 5b2109b80afde95e19b1bd5a5bf3b97feda3b63d3f1765b0d8778d509aa76f6f
- SHA512: 7bada622b07fc8329a4ca3e5ae47a78b106030b22b59c48336a968befa978f4e0a2349c1450056f766772ebe65c17120e4ecfbe8e92b8d3856d848f609718862
- SSDEEP: 12288:nGcyhTXPtEz8pgkHLCvhHWpmtDDc6ml6cgqk/vs63lVWTRGSaojkhC6qHYprpD:EhTXPOz8pguLCFcvAJqkvl8naoAnqHaD
Static task: static1
Behavioral task: behavioral1
- Sample: 5b2109b80afde95e19b1bd5a5bf3b97feda3b63d3f1765b0d8778d509aa76f6f.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted
- Family: redline
- Botnet: rosn
- C2: 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
- Family: redline
- Botnet: muse
- C2: 176.113.115.145:4125
- auth_value: b91988a63a24940038d9262827a5320c
Targets
- Target: 5b2109b80afde95e19b1bd5a5bf3b97feda3b63d3f1765b0d8778d509aa76f6f
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry (Software\Microsoft\Windows\CurrentVersion\Uninstall under HKLM and HKCU) to enumerate software on the system.
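The behaviours listed above (a dropped EXE being executed, a Run key added for persistence) and the extracted C2 endpoint translate directly into host telemetry checks. The script below is an added example, not part of the Triage report or of the sample: it applies those indicators to Sysmon-style events (Event ID 1 ProcessCreate, 3 NetworkConnect, 11 FileCreate, 13 RegistryEvent value set). The event records, the dropped file name payload.exe, the SID and the benign paths are constructed for the example; the C2 address, port and hashes are the ones the report extracted. Run-key values that point into Program Files or the Windows directory are treated as trusted, and the common REG_EXPAND_SZ variables are expanded first so Windows' own entries do not trip the rule.

```python
"""Apply the behaviours and IOCs from the report to Sysmon-style events.

Added example, not part of the sandbox report or the sample. The event
records below are constructed (file names, SIDs and benign paths are
made up); the C2 endpoint and hashes are the ones the report extracted.
"""

# IOCs copied from the report.
C2_ENDPOINTS = {("176.113.115.145", 4125)}
SAMPLE_SHA256 = "5b2109b80afde95e19b1bd5a5bf3b97feda3b63d3f1765b0d8778d509aa76f6f"

RUN_KEY_MARKERS = ("\\microsoft\\windows\\currentversion\\run\\",
                   "\\microsoft\\windows\\currentversion\\runonce\\")
# Where a legitimately installed autostart binary normally lives.
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")
# Run values are often REG_EXPAND_SZ; expand the common variables before matching.
ENV = {"%windir%": "c:\\windows", "%systemroot%": "c:\\windows",
       "%programfiles%": "c:\\program files"}


def _norm(path):
    """Lower-case, strip quotes and expand the environment variables in ENV."""
    p = path.strip().strip('"').lower()
    for var, val in ENV.items():
        p = p.replace(var, val)
    return p


def _binary_from_run_value(details):
    """'"C:\\x\\y.exe" /arg' or 'C:\\x\\y.exe /arg' -> normalised binary path."""
    d = details.strip()
    if d.startswith('"'):
        return _norm(d[1:d.find('"', 1)])
    return _norm(d.split(" ", 1)[0])


def _hashes(field):
    """Sysmon 'Hashes' field 'SHA256=...,MD5=...' -> {algo: lowercase hex}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().lower()] = value.strip().lower()
    return out


def analyse(events):
    """Return (event_index, verdict, detail) tuples in event order."""
    findings = []
    dropped = set()  # files written during the trace (Event ID 11)
    for i, ev in enumerate(events):
        eid = ev["EventID"]
        if eid == 1:  # ProcessCreate
            image = _norm(ev["Image"])
            if _hashes(ev.get("Hashes", "")).get("sha256") == SAMPLE_SHA256:
                findings.append((i, "known_sample_hash", image))
            if image in dropped and image.endswith(".exe"):
                findings.append((i, "executes_dropped_exe", image))
        elif eid == 11:  # FileCreate
            dropped.add(_norm(ev["TargetFilename"]))
        elif eid == 13:  # RegistryEvent (Value Set)
            if any(m in ev["TargetObject"].lower() for m in RUN_KEY_MARKERS):
                binary = _binary_from_run_value(ev["Details"])
                if not binary.startswith(TRUSTED_PREFIXES):
                    findings.append((i, "run_key_persistence", binary))
        elif eid == 3:  # NetworkConnect
            dst = (ev["DestinationIp"], int(ev["DestinationPort"]))
            if dst in C2_ENDPOINTS:
                findings.append((i, "redline_c2_connection", f"{dst[0]}:{dst[1]}"))
    return findings


# Constructed trace: the sample runs, drops a second EXE (name made up),
# which persists via HKCU Run and calls the extracted C2.
DOWNLOAD = "C:\\Users\\victim\\Downloads\\" + SAMPLE_SHA256 + ".exe"
DROPPED = "C:\\Users\\victim\\AppData\\Local\\Temp\\payload.exe"  # hypothetical name

EVENTS = [
    {"EventID": 1, "Image": DOWNLOAD,
     "Hashes": f"SHA256={SAMPLE_SHA256.upper()},MD5=67579DD3D907F844D4235868A8B8FDE8"},
    {"EventID": 11, "Image": DOWNLOAD, "TargetFilename": DROPPED},
    {"EventID": 1, "Image": DROPPED, "ParentImage": DOWNLOAD, "Hashes": "SHA256=" + "0" * 64},
    {"EventID": 13, "Image": DROPPED,
     "TargetObject": "HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
     "Details": f'"{DROPPED}" --silent'},
    # Benign: Windows' own Run entry, stored as an expandable string.
    {"EventID": 13, "Image": "C:\\Windows\\System32\\svchost.exe",
     "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\SecurityHealth",
     "Details": "%windir%\\system32\\SecurityHealthSystray.exe"},
    {"EventID": 3, "Image": DROPPED, "DestinationIp": "176.113.115.145", "DestinationPort": 4125},
    # Benign: browser traffic to a TEST-NET address.
    {"EventID": 3, "Image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": 443},
]

if __name__ == "__main__":
    for idx, verdict, detail in analyse(EVENTS):
        print(f"event[{idx}] {verdict}: {detail}")
```

On the constructed trace the script flags the known sample hash, the execution of the dropped payload, the HKCU Run entry pointing into %TEMP%, and the connection to 176.113.115.145:4125, while the SecurityHealth entry and the browser connection pass. Feeding it real Sysmon output only requires mapping the XML or JSON fields onto the dictionary keys used here.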