General
Target: 966531d350bfa786264ec4c7b51dd12fcc306e4672feddc1bed5a02136fb2ddf
Size: 699KB
Sample: 230328-l94hyscb3x
MD5: c79bf922ade397944e900576a1123771
SHA1: f0ba21435fb09ce12ebb89376bb2ef7446de78f0
SHA256: 966531d350bfa786264ec4c7b51dd12fcc306e4672feddc1bed5a02136fb2ddf
SHA512: 96945a0da01780eb93b265c096f233a2e4280a7d60775e9c7f062796b21782cbe9916acf9ba19a45450b97611e7547ce69f5810d058ac09624240684c8dc8e7d
SSDEEP: 12288:DMrjy90cc1xVopa6SRsvvhR6XpTvfvCnZDJGRxonAi+bJm6hNGjIyxv9g3RavFH:My1m0JfHAdvyn5JSWntyGjrv9qIHoqY
Static task: static1
Behavioral task: behavioral1
Sample: 966531d350bfa786264ec4c7b51dd12fcc306e4672feddc1bed5a02136fb2ddf.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted (1)
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted (2)
Family: redline
Botnet: muse
C2: 176.113.115.145:4125
auth_value: b91988a63a24940038d9262827a5320c
Both extracted configurations point at the same C2 endpoint and differ only in botnet name and auth_value, so a single network indicator covers both.
Targets
Target: 966531d350bfa786264ec4c7b51dd12fcc306e4672feddc1bed5a02136fb2ddf
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020. It harvests browser credentials, cookies, cryptocurrency wallet files and system information and sends them to its C2.
Signatures triggered by this sample:
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application (persistence via HKCU or HKLM ...\CurrentVersion\Run)
- Checks installed software on the system: looks up entries under the registry's ...\CurrentVersion\Uninstall key, where installed programs register themselves, to enumerate software on the host.
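The behavioral signatures above are the kind of rule a sandbox fires when it sees particular API calls in the process trace. The following Python is an added example, not the sandbox's own signature code, that reimplements four of them over a constructed trace: the Run-key persistence write, the Uninstall-key enumeration, wallet-file access, and a connection to the C2 taken from the extracted config. The event shape, the API names as logged, and the wallet paths matched are assumptions chosen for illustration; only the C2 endpoint comes from this report.

```python
"""Toy sandbox signature matcher (added example; event format is assumed)."""
import re
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Event:
    api: str                     # Win32 API name as a sandbox would log it (assumed)
    args: dict = field(default_factory=dict)   # resolved arguments, e.g. full key path


# Persistence: a value written under ...\CurrentVersion\Run or RunOnce.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
# Software enumeration: opening or enumerating the Uninstall key.
UNINSTALL_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)
# Wallet access: a few illustrative wallet locations (assumed list, not exhaustive).
WALLET_PATH_RE = re.compile(
    r"\\(Exodus\\exodus\.wallet|Electrum\\wallets|Ethereum\\keystore)(\\|$)", re.I)
# C2 endpoint from the extracted RedLine config on this page.
C2_ENDPOINTS = {("176.113.115.145", 4125)}


def sig_run_key(ev: Event) -> bool:
    return ev.api.startswith("RegSetValueEx") and bool(RUN_KEY_RE.search(ev.args.get("key", "")))


def sig_uninstall_enum(ev: Event) -> bool:
    return (ev.api.startswith(("RegOpenKeyEx", "RegEnumKeyEx"))
            and bool(UNINSTALL_KEY_RE.search(ev.args.get("key", ""))))


def sig_wallet_access(ev: Event) -> bool:
    return (ev.api.startswith(("CreateFile", "FindFirstFile"))
            and bool(WALLET_PATH_RE.search(ev.args.get("path", ""))))


def sig_c2_contact(ev: Event) -> bool:
    return ev.api in ("connect", "WSAConnect") and \
        (ev.args.get("ip"), ev.args.get("port")) in C2_ENDPOINTS


SIGNATURES = [
    ("Adds Run key to start application", sig_run_key),
    ("Checks installed software on the system", sig_uninstall_enum),
    ("Accesses cryptocurrency files/wallets", sig_wallet_access),
    ("Connects to known RedLine C2", sig_c2_contact),
]


def match_signatures(events):
    """Return {signature name: index of the first event that triggered it}."""
    hits = {}
    for i, ev in enumerate(events):
        for name, fn in SIGNATURES:
            if name not in hits and fn(ev):
                hits[name] = i
    return hits


# Constructed trace resembling what a sandbox would log for this sample.
SAMPLE_TRACE = [
    Event("RegOpenKeyExW", {"key": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"}),
    Event("RegEnumKeyExW", {"key": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
                            "index": 0}),
    Event("CreateFileW", {"path": r"C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\seed.seco"}),
    Event("CreateFileW", {"path": r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\x.lnk"}),
    Event("RegSetValueExW", {"key": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
                             "value": "updater",
                             "data": r"C:\Users\user\AppData\Local\Temp\dropped.exe"}),
    Event("connect", {"ip": "176.113.115.145", "port": 4125}),
    Event("connect", {"ip": "8.8.8.8", "port": 53}),
]

if __name__ == "__main__":
    for name, idx in match_signatures(SAMPLE_TRACE).items():
        print(f"[{idx}] {name}")
```

Real sandboxes key the network signature on the extracted config rather than a hard-coded list, and the wallet and registry patterns are far longer; the structure (one predicate per signature, first-hit recorded per run) is what carries over.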