General

Target: fc87ad10d295f423e889799ff7480f1880e30f842d9bf5a055e022d70c42ce04
Size: 684KB
Sample: 230328-l5n8gaca9z
MD5: 08f244981aa47994e40c327da0d64cc8
SHA1: 2791ca8529f6cf8bb691619eef7da3bd12cabc3e
SHA256: fc87ad10d295f423e889799ff7480f1880e30f842d9bf5a055e022d70c42ce04
SHA512: 0b490636f270b17fa8b333485a9d1e88f443ebdc37ebc4a8dd6be54b8a71e227054c4a4224223e1fc25a960578995e6a31519c28e03b2eba1ad0a4b23918e978
SSDEEP: 12288:nMr1y90ZJ0CvTtD7FKM6hl4strF2kC3ellAPiWG6a:Cy+vTDCl4stZCunA26a
Static task: static1
Behavioral task: behavioral1
Sample: fc87ad10d295f423e889799ff7480f1880e30f842d9bf5a055e022d70c42ce04.exe
Resource: win10v2004-20230220-en
Malware Config

Extracted: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted: redline
Botnet: muse
C2: 176.113.115.145:4125
auth_value: b91988a63a24940038d9262827a5320c
Targets

Target: fc87ad10d295f423e889799ff7480f1880e30f842d9bf5a055e022d70c42ce04
RedLine

RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures:
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.