General
Target: 6d48a5e0bd372f15a380157fc15dae54144eb399e9be8d74ce703ad4ce174afb
Size: 684KB
Sample: 230328-lxph9sac73
MD5: 91585a2ddb43f6963dbf19d011eb8772
SHA1: dc471a126bc159c3365586abc0240a940408e520
SHA256: 6d48a5e0bd372f15a380157fc15dae54144eb399e9be8d74ce703ad4ce174afb
SHA512: dd76858bdb5b7cbd7dd5b1a83c7d667586f4e2cba0974dd14d5e648bb429ab75177d185167484aa66beb7ad135d1c51c899f4e6837ab211690e81891cead8755
SSDEEP: 12288:eMryy90BQBtbpdymokRFp/hu56pEvfmKoWYfdv/pt4oX+9aSLerxt/:QyDL15avZof1ZCaSLeX
Static task: static1
Behavioral task: behavioral1
Sample: 6d48a5e0bd372f15a380157fc15dae54144eb399e9be8d74ce703ad4ce174afb.exe
Resource: win10v2004-20230220-en
Malware Config
Two RedLine configurations were extracted from the sample. Both point at the same C2 endpoint and differ only in the botnet identifier and auth_value.
Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
Family: redline
Botnet: muse
C2: 176.113.115.145:4125
auth_value: b91988a63a24940038d9262827a5320c
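The file hashes under General and the C2 endpoint in the extracted config are the indicators a responder would pull from this report. The Python below is an added example, not part of the sandbox report or of any tooling the report came from: it copies the report's MD5, SHA1, SHA256 and SHA512 values, hashes a file or byte string against them, and flags log lines that reference the C2 host and port. The connection-log lines are constructed for the demonstration; the hash-comparison and endpoint-matching logic is the part worth reusing.

```python
"""Match a file and connection-log lines against the indicators in this report.

Added example, not part of the original sandbox report. The indicator values
are copied from the report; the log lines and sample bytes are constructed.
"""
import hashlib
import re
from typing import Dict, Iterable, List

# Indicators copied from the report (lower-case hex).
REPORT_HASHES: Dict[str, str] = {
    "md5": "91585a2ddb43f6963dbf19d011eb8772",
    "sha1": "dc471a126bc159c3365586abc0240a940408e520",
    "sha256": "6d48a5e0bd372f15a380157fc15dae54144eb399e9be8d74ce703ad4ce174afb",
    "sha512": "dd76858bdb5b7cbd7dd5b1a83c7d667586f4e2cba0974dd14d5e648bb429ab75"
              "177d185167484aa66beb7ad135d1c51c899f4e6837ab211690e81891cead8755",
}
C2_HOST = "176.113.115.145"
C2_PORT = 4125


def validate_indicators() -> bool:
    """Sanity-check the copied hashes: correct length and hex for their algorithm.
    A truncated or mistyped value in a feed silently matches nothing, so check first."""
    return all(
        len(v) == 2 * hashlib.new(k).digest_size and set(v) <= set("0123456789abcdef")
        for k, v in REPORT_HASHES.items()
    )


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute the same four digests the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream a file through all four digests in one pass (no full read into memory)."""
    digests = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def matches_report(digests: Dict[str, str]) -> List[str]:
    """Names of the digests equal to the report's values.
    One match already identifies the same bytes; comparing all four additionally
    exposes a feed entry where one of the values was copied wrongly."""
    return [name for name, value in digests.items()
            if value.lower() == REPORT_HASHES.get(name)]


# Matches the C2 as "host:port" or as whitespace-separated "host port" columns
# (Zeek conn.log style), and rejects look-alikes such as 1176.113.115.145 or port 41250.
C2_RE = re.compile(r"(?<![\d.])" + re.escape(C2_HOST) + r"(?::|\s+)" + str(C2_PORT) + r"(?!\d)")


def find_c2_connections(lines: Iterable[str]) -> List[str]:
    """Return the log lines that reference the report's C2 endpoint."""
    return [line for line in lines if C2_RE.search(line)]


# Constructed connection-log lines (not from the report); two refer to the C2,
# three are deliberate near-misses or unrelated traffic.
SAMPLE_CONN_LOG = [
    "2023-03-28T12:00:01Z proto=tcp src=10.0.0.12:51234 dst=176.113.115.145:4125 bytes_out=4096",
    "1680001202.41 Cj3k2 10.0.0.12 51240 176.113.115.145 4125 tcp - 9.6 2048 8192 SF",
    "2023-03-28T12:00:05Z proto=tcp src=10.0.0.12:51250 dst=176.113.115.145:41250 bytes_out=120",
    "2023-03-28T12:00:07Z proto=tcp src=10.0.0.12:51260 dst=1176.113.115.145:4125 bytes_out=120",
    "2023-03-28T12:00:09Z proto=udp src=10.0.0.12:53000 dst=8.8.8.8:53 bytes_out=60",
]

if __name__ == "__main__":
    print("indicators well-formed:", validate_indicators())
    print("bytes match report:", matches_report(hash_bytes(b"not the sample")))
    for hit in find_c2_connections(SAMPLE_CONN_LOG):
        print("C2 contact:", hit)
```

Point `hash_file` at a suspect binary to get the same four digests the report shows; the SSDEEP value is a fuzzy hash and needs the ssdeep library rather than hashlib, so it is not compared here. Because both extracted configs share one C2, a single endpoint match covers both botnet identifiers.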
Targets
Target: 6d48a5e0bd372f15a380157fc15dae54144eb399e9be8d74ce703ad4ce174afb (684KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application: writes a value under the registry Run key so the program is launched again at logon (user-level persistence).
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
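The Run-key behaviour above is the one a defender can catch on an endpoint with registry-write telemetry. The Python below is an added example, not part of the report: it triages constructed lines shaped like Sysmon Event ID 13 (RegistryEvent: SetValue) exported as key=value pairs, using Sysmon's own field names (Image, TargetObject, Details) but made-up paths and SIDs, and flags Run-key writes by non-allowlisted writers or pointing into user-writable directories. The allowlist of legitimate writers is an assumption to be tuned per estate. The Uninstall-key lookup is a registry read, which Sysmon does not record, so it is not covered by this check.

```python
"""Triage Sysmon registry SetValue events for Run-key persistence.

Added example, not part of the original sandbox report. Event lines are
constructed in the shape of Sysmon Event ID 13 exported as key=value pairs;
field names are Sysmon's, every path, SID and process name is made up.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# A value written directly under ...\CurrentVersion\Run, RunOnce or RunServices.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce|RunServices)\\[^\\]+$", re.IGNORECASE)
# Directories an unprivileged user can write to; a Run entry pointing here is the
# usual shape of user-level persistence and rarely what an installer produces.
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public|Downloads)\\", re.IGNORECASE)
# Processes that legitimately write Run entries (assumption; tune for your estate).
ALLOWLISTED_WRITERS = {r"c:\windows\system32\msiexec.exe", r"c:\windows\explorer.exe"}


@dataclass
class Finding:
    image: str        # process that wrote the value
    key: str          # full registry path of the value
    command: str      # what will be launched at logon
    reasons: List[str]


def parse_event(line: str) -> Dict[str, str]:
    """Parse 'Field=value' pairs; a value runs until the next ' Field=' token."""
    return {m.group(1): m.group(2).strip()
            for m in re.finditer(r"(\w+)=(.*?)(?=\s+\w+=|$)", line)}


def assess(event: Dict[str, str]) -> Optional[Finding]:
    """Return a Finding for a SetValue on a Run key that deserves analyst attention."""
    if event.get("EventID") != "13":          # only registry value writes
        return None
    target = event.get("TargetObject", "")
    if not RUN_KEY_RE.search(target):
        return None
    image = event.get("Image", "")
    details = event.get("Details", "")
    reasons = ["writes a Run-key value"]
    if image.lower() not in ALLOWLISTED_WRITERS:
        reasons.append("writer is not an allowlisted installer")
    if USER_WRITABLE_RE.search(details):
        reasons.append("value points into a user-writable directory")
    if USER_WRITABLE_RE.search(image):
        reasons.append("writer itself runs from a user-writable directory")
    if len(reasons) == 1:                      # allowlisted writer, system path: routine
        return None
    return Finding(image=image, key=target, command=details, reasons=reasons)


def triage(lines: Iterable[str]) -> List[Finding]:
    """Run every line through parse_event/assess and keep the findings."""
    return [f for f in (assess(parse_event(line)) for line in lines) if f is not None]


# Constructed events (not from the report). Only the first and last should fire.
SAMPLE_EVENTS = [
    # dropped EXE in a Temp extraction folder persisting a copy of itself under AppData
    r"EventID=13 Image=C:\Users\victim\AppData\Local\Temp\IXP000.TMP\dropped.exe "
    r"TargetObject=HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\WindowsUpdate "
    r"Details=C:\Users\victim\AppData\Roaming\svchost.exe",
    # MSI installer registering a vendor agent from Program Files: routine
    r"EventID=13 Image=C:\Windows\System32\msiexec.exe "
    r"TargetObject=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorAgent "
    r"Details=C:\Program Files\Vendor\agent.exe",
    # value write outside any Run key
    r"EventID=13 Image=C:\Windows\System32\services.exe "
    r"TargetObject=HKLM\System\CurrentControlSet\Services\Spooler\Start Details=DWORD (0x00000002)",
    # key creation (EventID 12), not a value write
    r"EventID=12 Image=C:\Users\victim\AppData\Local\Temp\IXP000.TMP\dropped.exe "
    r"TargetObject=HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run",
    # allowlisted writer, but the entry launches something from the user's profile
    r"EventID=13 Image=C:\Windows\explorer.exe "
    r"TargetObject=HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater "
    r"Details=C:\Users\victim\AppData\Roaming\updater.exe",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding.image, "->", finding.command, "|", "; ".join(finding.reasons))
```

The reasons list is what makes this usable in practice: a non-allowlisted writer from Temp pointing a Run value at AppData is the RedLine pattern this report describes, while an allowlisted explorer.exe write into the profile is a lower-confidence signal that still merits a look.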