General
Target: 76b64f2d6d8aabd3d0ef298103f94231774fdf422814b3611729064e9a6a54f0
Size: 684KB
Sample: 230328-ls75taca3y
MD5: a6bcff4982419e7e0df7ae72aa6424cd
SHA1: 3ac3621be367cc397620bdbbbd1ed9a2fce20e51
SHA256: 76b64f2d6d8aabd3d0ef298103f94231774fdf422814b3611729064e9a6a54f0
SHA512: 7180931017227882188a0d43449bb9ebc3ed246c7f1f4fe9cb5b28fda7a33ce64f95f694fb3e4504cb015e0126eb35da18c4b5239d9f7db537f5b465d72e8ba8
SSDEEP: 12288:KMrcy90H5C/pEB7czX5cwmP0zafY1uOHHolKMnoEmt7FaACpRy3NO:CyUvxc9dSeavOnYvobpa9V
Static task: static1
Behavioral task: behavioral1
Sample: 76b64f2d6d8aabd3d0ef298103f94231774fdf422814b3611729064e9a6a54f0.exe
Resource: win10v2004-20230220-en
Malware Config
Two RedLine configurations were extracted from the sample. Both point at the same C2 endpoint and differ only in botnet name and auth_value (the per-build token the client presents to the C2).

Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted
Family: redline
Botnet: muse
C2: 176.113.115.145:4125
auth_value: b91988a63a24940038d9262827a5320c
Targets
Target: 76b64f2d6d8aabd3d0ef298103f94231774fdf422814b3611729064e9a6a54f0 (684KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
Signatures
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE: launches an executable that the sample itself wrote to disk (a second stage).
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application: persistence through a registry Run key (ATT&CK T1547.001); the report does not state which hive or value name was used.
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software (ATT&CK T1518, Software Discovery). Legitimate installers and inventory agents read the same keys, so this behaviour is only meaningful when attributed to the sample's own process tree.