General
Target
6caff2f8a8e30415cdefc3c882d12e23b2420380a6e94b2ecb01ba368088cb34
Size
685KB
Sample
230328-lgskzsab63
MD5
c401814d407d4c26fddac1bcdb5105f6
SHA1
f98e2310b5c7486537faf8d0d0d77ff7f8668df8
SHA256
6caff2f8a8e30415cdefc3c882d12e23b2420380a6e94b2ecb01ba368088cb34
SHA512
82f8aca33dda045191cc442f8f02c6504ba6868924f24b98a2bfa42987ff5ead492e22971d86a3f7d6d162226ec6996232fb3dd0b6951c7b8575a9099591b710
SSDEEP
12288:AMrEy90OqxOewtqI7ItYxVAfk7ZsQ79+MQzBViUZyWRPw7NbR/EIqoU1:0yD5bN7wYbvbWziQRqNtMd1
Static task
static1
Behavioral task
behavioral1
Sample
6caff2f8a8e30415cdefc3c882d12e23b2420380a6e94b2ecb01ba368088cb34.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
muse
176.113.115.145:4125
auth_value
b91988a63a24940038d9262827a5320c
Targets
Target 6caff2f8a8e30415cdefc3c882d12e23b2420380a6e94b2ecb01ba368088cb34 (685KB; same file and hashes as listed under General)
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.