General
Target: 001038f214c43dbfa2508c1f7d37adc752948c4377921dc6ade6c1425e6181c3
Size: 697KB
Sample: 230328-1psy2sfc3w
MD5: 2323f875a762589e2832c1cb9ed9ea3b
SHA1: 3ed7f1b5cc9370f39a316951bf6f60ea6be86959
SHA256: 001038f214c43dbfa2508c1f7d37adc752948c4377921dc6ade6c1425e6181c3
SHA512: 06defeafaee31afe084c626e9070e34e0eb12e796fb115a43fc0fc5f6f9cfc82effdbdaf6dad57b48828587f7b6bc008a83f61b89589485df3c2358e17b72d69
SSDEEP: 12288:3Mr1y90YWIiDwmMe3bMfauD23NBj9G5Qu869/scEE9c8I4oWZ4jQVy3q3QFSK:uyNyw5Ch9Bj9fu86qCzIBQcgyX
Static task: static1
Behavioral task: behavioral1
Sample: 001038f214c43dbfa2508c1f7d37adc752948c4377921dc6ade6c1425e6181c3.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
muse
176.113.115.145:4125
auth_value: b91988a63a24940038d9262827a5320c
Targets
Target: 001038f214c43dbfa2508c1f7d37adc752948c4377921dc6ade6c1425e6181c3
Size: 697KB
MD5: 2323f875a762589e2832c1cb9ed9ea3b
SHA1: 3ed7f1b5cc9370f39a316951bf6f60ea6be86959
SHA256: 001038f214c43dbfa2508c1f7d37adc752948c4377921dc6ade6c1425e6181c3
SHA512: 06defeafaee31afe084c626e9070e34e0eb12e796fb115a43fc0fc5f6f9cfc82effdbdaf6dad57b48828587f7b6bc008a83f61b89589485df3c2358e17b72d69
SSDEEP: 12288:3Mr1y90YWIiDwmMe3bMfauD23NBj9G5Qu869/scEE9c8I4oWZ4jQVy3q3QFSK:uyNyw5Ch9Bj9fu86qCzIBQcgyX
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.