General
Target: d4f211978cbbcb9887d3a9ffdc34aaaa09c60d45504879797ad7e574bc9f9b4a
Size: 683KB
Sample: 230328-lfsvcsab57
MD5: 9717c22ded16a030afd622ad874abf97
SHA1: 574ee8cf9873d547c76620de7188a2a20b06600e
SHA256: d4f211978cbbcb9887d3a9ffdc34aaaa09c60d45504879797ad7e574bc9f9b4a
SHA512: 5dbea294240e3083ed38f6de4f28dd349e3450990d42cd7909ceeb635f9b2f50adbab7b690d37e94ecaf8698fde7a5d350c37d7caccabc20e1d0e07bf2b2ab2d
SSDEEP: 12288:UMr+y907y5AypuVIo3hy/Es6fEMUqk4P+npLUWVmGL3/sTUlVkv99:qy0y8hiVxqPOpLJmGLkgSb

Static task: static1
Behavioral task: behavioral1
Sample: d4f211978cbbcb9887d3a9ffdc34aaaa09c60d45504879797ad7e574bc9f9b4a.exe
Resource: win10-20230220-en

Malware Config
Extracted: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted: redline
muse
176.113.115.145:4125
auth_value: b91988a63a24940038d9262827a5320c

Targets
Target: d4f211978cbbcb9887d3a9ffdc34aaaa09c60d45504879797ad7e574bc9f9b4a
Size: 683KB
MD5: 9717c22ded16a030afd622ad874abf97
SHA1: 574ee8cf9873d547c76620de7188a2a20b06600e
SHA256: d4f211978cbbcb9887d3a9ffdc34aaaa09c60d45504879797ad7e574bc9f9b4a
SHA512: 5dbea294240e3083ed38f6de4f28dd349e3450990d42cd7909ceeb635f9b2f50adbab7b690d37e94ecaf8698fde7a5d350c37d7caccabc20e1d0e07bf2b2ab2d
SSDEEP: 12288:UMr+y907y5AypuVIo3hy/Es6fEMUqk4P+npLUWVmGL3/sTUlVkv99:qy0y8hiVxqPOpLJmGLkgSb

- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.