General
- Target: cb4c8a5baa173fe61e5c17b621609ec8294c50bcf6f51f96d8f54de5d8bf0aa3
- Size: 684KB
- Sample: 230328-lm2qvabh61
- MD5: eb99210ad5dea8bec94fecef8565eef1
- SHA1: 3c029831e23f7d2acec9912654dced68d79c264a
- SHA256: cb4c8a5baa173fe61e5c17b621609ec8294c50bcf6f51f96d8f54de5d8bf0aa3
- SHA512: e6722c93fd923e19dea3033bd32b18e6a5b421e2fe2a725207c9a83f8f21901d1fb6f1ebe284f8118141ab99a3b6f3a1907cdd6cc9c371a3b6f2029555582ba0
- SSDEEP: 12288:CMr6y90924pLyep9e9SCPH7+i/nBeR66ttcED+UJumrL3OZgfj:cye5J27+MU66teRmrLJj
Static task: static1
Behavioral task: behavioral1
Sample: cb4c8a5baa173fe61e5c17b621609ec8294c50bcf6f51f96d8f54de5d8bf0aa3.exe
Resource: win10-20230220-en
Malware Config
Extracted: redline (rosn)
- 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline (muse)
- 176.113.115.145:4125
- auth_value: b91988a63a24940038d9262827a5320c
Targets
- Target: cb4c8a5baa173fe61e5c17b621609ec8294c50bcf6f51f96d8f54de5d8bf0aa3
- Size: 684KB
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.