General
Target: 054520c4b388fe3b821190b6eed66a4709d75ff719b5f7f9be2f526b6852dd11
Size: 683KB
Sample: 230328-ll3xhsbh6y
MD5: 5be0860c84f6198da68f5f5273fcf5a4
SHA1: c4a7ea2d51c4849b748ae7d8c671b9952f97e771
SHA256: 054520c4b388fe3b821190b6eed66a4709d75ff719b5f7f9be2f526b6852dd11
SHA512: 647710c52065772f6675c8280bf597812f5ca990800d5e8cb8c71e5d2203833473414edd8278e73ee848fafc63588e8b4349e96a5c263b3eb242823a42336548
SSDEEP: 12288:YMrGy907M1TUqp1tt7ZhBOiBTb95w9eIjr3wUqimLL3ozCb7y:+ykMUatSiBPluw+mLLFbG
Static task: static1
Behavioral task: behavioral1
Sample: 054520c4b388fe3b821190b6eed66a4709d75ff719b5f7f9be2f526b6852dd11.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
Family: redline
Botnet: muse
C2: 176.113.115.145:4125
auth_value: b91988a63a24940038d9262827a5320c
Targets
Target: 054520c4b388fe3b821190b6eed66a4709d75ff719b5f7f9be2f526b6852dd11
Size: 683KB
MD5: 5be0860c84f6198da68f5f5273fcf5a4
SHA1: c4a7ea2d51c4849b748ae7d8c671b9952f97e771
SHA256: 054520c4b388fe3b821190b6eed66a4709d75ff719b5f7f9be2f526b6852dd11
SHA512: 647710c52065772f6675c8280bf597812f5ca990800d5e8cb8c71e5d2203833473414edd8278e73ee848fafc63588e8b4349e96a5c263b3eb242823a42336548
SSDEEP: 12288:YMrGy907M1TUqp1tt7ZhBOiBTb95w9eIjr3wUqimLL3ozCb7y:+ykMUatSiBPluw+mLLFbG

Signatures
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.