General
Target: 8c1fc1f34104f977648fe34dbeae2be31f60cb020cd9c15e0334e06f831ce4ea
Size: 683KB
Sample: 230328-lskdraca3v
MD5: b8576778ab6033ef140bb7cbc338e66f
SHA1: 43a129ff3a501407b9098ee2cec0ed3a049c287d
SHA256: 8c1fc1f34104f977648fe34dbeae2be31f60cb020cd9c15e0334e06f831ce4ea
SHA512: 1950ea6b0a5d4124ff5093ae89d72c5044982c2cc04d96ff3bac78d939972a59c12486449901c92049b7fef2f211ca253a946c725b2e76af86afab661378f983
SSDEEP: 12288:0MrOy90cG3xVXC/Dt+czsUEXkUbamnFpD2lOadCpRyrNKppO8K94:yyFc0Dt5zsnaOb28a8Vp08i4
Static task: static1
Behavioral task: behavioral1
Sample: 8c1fc1f34104f977648fe34dbeae2be31f60cb020cd9c15e0334e06f831ce4ea.exe
Resource: win10-20230220-en
Malware Config
Extracted (1): redline, rosn, 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted (2): redline, muse, 176.113.115.145:4125
auth_value: b91988a63a24940038d9262827a5320c
Targets
Target: 8c1fc1f34104f977648fe34dbeae2be31f60cb020cd9c15e0334e06f831ce4ea (same file as in General: size, MD5, SHA1, SHA256, SHA512 and SSDEEP as listed there)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.