General
Target: c78156b87014ddf399b3fd7cb6081e4c3bd3dc7e5afc0eacbe725ef02dc727ab
Size: 686KB
Sample: 230328-l1g9csca7y
MD5: 1b25342094a80ce9438d33c18c806985
SHA1: 3783c8d561719611c6a776ff2d2a16842a66a48b
SHA256: c78156b87014ddf399b3fd7cb6081e4c3bd3dc7e5afc0eacbe725ef02dc727ab
SHA512: 84788f12a9ac5981f8719df906c380bc322c2e289a8e6bb270fe0dd4d2bf8d4f57280ce63772885c8a817d03202fff3646b99d3eb9b8fc01909b618d4154002f
SSDEEP: 12288:DMrXy909N6GclvYJLQDjgUkn6UnF69hU0RbVwBaFr/+tjzjRcDA:8y2sGTlEPkn60I5bWaFjgjqM
Static task: static1
Behavioral task: behavioral1
Sample: c78156b87014ddf399b3fd7cb6081e4c3bd3dc7e5afc0eacbe725ef02dc727ab.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
Family: redline
Botnet: muse
C2: 176.113.115.145:4125
auth_value: b91988a63a24940038d9262827a5320c
Targets
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.