General
- Target: 8884f560fdf0ce3cbf748da04808516fa0ae214dcbdfa0b044d5b7b62653ae02
- Size: 686KB
- Sample: 230328-l32e1sad25
- MD5: f344db191954ab3209f4b52558ce5387
- SHA1: 5d852195f0f07a8f238bb21ce895b69ed60cefc2
- SHA256: 8884f560fdf0ce3cbf748da04808516fa0ae214dcbdfa0b044d5b7b62653ae02
- SHA512: 6e74b1365d27df282848cdfcade47feb3d9d4a7e7f140c16c7b379c7606705cc806b77231c9175c3a1f604cd8360314dcc4af1193690bec5924f03886844d1ba
- SSDEEP: 12288:eMray90cbib6z27bmGgxGucVDtkYhzokT2bY10Ib3qYKXMax4PTdn:IyK6SnmLxGuYVSk+Q0INVa2PZn
Static task: static1
Behavioral task: behavioral1
- Sample: 8884f560fdf0ce3cbf748da04808516fa0ae214dcbdfa0b044d5b7b62653ae02.exe
- Resource: win10-20230220-en
Malware Config
Extracted
- Family: redline
- Botnet: rosn
- C2: 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
- Family: redline
- Botnet: muse
- C2: 176.113.115.145:4125
- auth_value: b91988a63a24940038d9262827a5320c
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.