General
Target: 8105c5718a75fb7a55cb2bde09639d8cd5dcc94762e774d86c9ba79522d7f299
Size: 683KB
Sample: 230328-lt9d9sca4y
MD5: 85e00665d371cb3ded0c77aeb3ea6a1a
SHA1: 0dd72ba1e65921a2e148c3c74098ce96f4dd06e5
SHA256: 8105c5718a75fb7a55cb2bde09639d8cd5dcc94762e774d86c9ba79522d7f299
SHA512: f2d34f2d4c2e42b6beaf8cf43f8f2b1a51af69fb46f917015c972102a426ca167a7561b9b9fb79ae32c782ead936b86913c6b6df47422a3a30d48d313fc0ee06
SSDEEP: 12288:tMroy90gx4Do450MvVh9marHj3UftE6GfUOYv0AINXaOCpRyLNTuT3zl:xyD+xXtjzUFEYGanV3R
Static task: static1
Behavioral task: behavioral1
Sample: 8105c5718a75fb7a55cb2bde09639d8cd5dcc94762e774d86c9ba79522d7f299.exe
Resource: win10v2004-20230220-en
Malware Config
Two RedLine configurations were extracted; both use the same C2 endpoint but carry different botnet names and auth_value fields.
Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
Family: redline
Botnet: muse
C2: 176.113.115.145:4125
auth_value: b91988a63a24940038d9262827a5320c
Targets
Target: 8105c5718a75fb7a55cb2bde09639d8cd5dcc94762e774d86c9ba79522d7f299 (the same file as in General above; size and hashes are identical)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
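The following is an added example, not part of the sandbox report or of the analysed sample: a small hunt that runs the report's indicators (the sample's SHA256/MD5, the extracted C2 176.113.115.145:4125, and Run-key writes matching the persistence signature) over endpoint telemetry. The log lines are constructed, simplified key="value" renderings of Sysmon events (EID 1 process create, EID 3 network connect, EID 13 registry value set); real Sysmon output is XML/EVTX and would be parsed first. Hostnames, user names and file paths in the sample log are invented for the example. The auth_value fields are deliberately not matched, because they only occur inside the C2 exchange, not in endpoint logs.

```python
"""Hunt for this report's RedLine indicators in Sysmon-style telemetry.

Added example; not the sandbox's or the malware's own code. Only the
hashes, the C2 address and the Run-key pattern come from the report;
the log format and every host/path below are constructed.
"""
import re
from dataclasses import dataclass

# Indicators copied from the report.
SAMPLE_SHA256 = "8105c5718a75fb7a55cb2bde09639d8cd5dcc94762e774d86c9ba79522d7f299"
SAMPLE_MD5 = "85e00665d371cb3ded0c77aeb3ea6a1a"
C2_IP, C2_PORT = "176.113.115.145", 4125

# Run / RunOnce autostart keys under either hive root ("Adds Run key" signature).
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
# Constructed log format: space-separated key="value" pairs.
KV_RE = re.compile(r'(\w+)="([^"]*)"')


@dataclass(frozen=True)
class Hit:
    rule: str
    host: str
    detail: str


def parse_event(line: str) -> dict:
    """Turn one key="value" line into a dict."""
    return dict(KV_RE.findall(line))


def parse_hashes(field: str) -> dict:
    """Sysmon's Hashes field looks like 'SHA256=...,MD5=...'; normalise to lower case."""
    return {k.upper(): v.lower() for k, v in
            (part.split("=", 1) for part in field.split(",") if "=" in part)}


def hunt(lines) -> list:
    """Return one Hit per event that matches a report indicator, in log order."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        eid, host = ev.get("EventID"), ev.get("Computer", "?")
        if eid == "1":  # process create: match the sample by hash, not by file name
            h = parse_hashes(ev.get("Hashes", ""))
            if h.get("SHA256") == SAMPLE_SHA256 or h.get("MD5") == SAMPLE_MD5:
                hits.append(Hit("redline_sample_executed", host, ev.get("Image", "")))
        elif eid == "3" and ev.get("DestinationIp") == C2_IP:  # network connect
            port = ev.get("DestinationPort", "")
            image = ev.get("Image", "")
            if port == str(C2_PORT):
                hits.append(Hit("redline_c2_connection", host, f"{image} -> {C2_IP}:{port}"))
            else:  # same C2 host on another port: lower confidence, still worth a look
                hits.append(Hit("c2_ip_other_port", host, f"{image} -> {C2_IP}:{port}"))
        elif eid == "13":  # registry value set: autostart persistence
            target = ev.get("TargetObject", "")
            if RUN_KEY_RE.search(target):
                hits.append(Hit("run_key_persistence", host, f"{target} = {ev.get('Details', '')}"))
    return hits


# Constructed sample log. The first event carries the report's real hashes (upper-cased,
# as Sysmon emits them); everything else is invented for the example.
SAMPLE_LOG = [
    r'EventID="1" Computer="WS01" Image="C:\Users\alice\Downloads\8105c5718a75fb7a55cb2bde09639d8cd5dcc94762e774d86c9ba79522d7f299.exe" Hashes="SHA256=8105C5718A75FB7A55CB2BDE09639D8CD5DCC94762E774D86C9BA79522D7F299,MD5=85E00665D371CB3DED0C77AEB3EA6A1A"',
    r'EventID="13" Computer="WS01" TargetObject="HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\updater" Details="C:\Users\alice\AppData\Roaming\updater.exe"',
    r'EventID="3" Computer="WS01" Image="C:\Users\alice\AppData\Roaming\updater.exe" DestinationIp="176.113.115.145" DestinationPort="4125"',
    r'EventID="3" Computer="WS02" Image="C:\Windows\System32\svchost.exe" DestinationIp="176.113.115.145" DestinationPort="443"',
    r'EventID="13" Computer="WS02" TargetObject="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\App1\DisplayName" Details="App1"',
]


def main() -> None:
    for hit in hunt(SAMPLE_LOG):
        print(f"[{hit.rule}] {hit.host}: {hit.detail}")


if __name__ == "__main__":
    main()
```

The hash match is keyed on the Hashes field rather than the file name, so a renamed copy of the sample is still caught. Note that the "Checks installed software" signature (reads of the Uninstall key) is not covered here: Sysmon registry events record create, delete, set and rename, not reads, so that behaviour only shows up with Windows object-access auditing on that key.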