General
- Target: 58d908be5df6f1662bfb7e0046d894eac62dd9319e77ba83688388d1471f3949
- Size: 684KB
- Sample: 230328-l7kytscb2w
- MD5: d4777d9e2a34d8dace81a87a1fcd3239
- SHA1: e14f60accd93ff410b6c6b952c50f252f86a14ee
- SHA256: 58d908be5df6f1662bfb7e0046d894eac62dd9319e77ba83688388d1471f3949
- SHA512: c1472343c33a0ceaea2ed5cf71449b1366483d7b8df52223611bea79ec94cc474b555de8c627a5ec37628981bfac149295fb4a8fe1eddcac9c8d4172d562d430
- SSDEEP: 12288:vMrSy90TKsX0ao3hqvYrqHs/LtdEU2k4+rllAV0pCHPe:FymKyw3IGjXz4QnA2
Static task: static1
Behavioral task: behavioral1
- Sample: 58d908be5df6f1662bfb7e0046d894eac62dd9319e77ba83688388d1471f3949.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
- rosn
- 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
- muse
- 176.113.115.145:4125
- auth_value: b91988a63a24940038d9262827a5320c
Targets
- Target: 58d908be5df6f1662bfb7e0046d894eac62dd9319e77ba83688388d1471f3949
- Size: 684KB
- MD5: d4777d9e2a34d8dace81a87a1fcd3239
- SHA1: e14f60accd93ff410b6c6b952c50f252f86a14ee
- SHA256: 58d908be5df6f1662bfb7e0046d894eac62dd9319e77ba83688388d1471f3949
- SHA512: c1472343c33a0ceaea2ed5cf71449b1366483d7b8df52223611bea79ec94cc474b555de8c627a5ec37628981bfac149295fb4a8fe1eddcac9c8d4172d562d430
- SSDEEP: 12288:vMrSy90TKsX0ao3hqvYrqHs/LtdEU2k4+rllAV0pCHPe:FymKyw3IGjXz4QnA2
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.