General

Target: 66bd2cffb953b2b681a92cd6e52cf456a0932e3e1fe86ad66bc61f2311567ba3
Size: 697KB
Sample: 230328-m1wx7acc3z
MD5: 8c1bf7447051037c9435d545e546c86a
SHA1: 3d9a9cfdca3658e072166b83354d7a21bf1335dd
SHA256: 66bd2cffb953b2b681a92cd6e52cf456a0932e3e1fe86ad66bc61f2311567ba3
SHA512: 31a14b3e42394d5e4a90eba06f56c3f7607164502c06076a788cb8e32f95b8863910f370011e83bcf260968eb20572dd1627e5f30b3105807240b6ca5b7530c0
SSDEEP: 12288:dMrjy90Oi7k6fGV6agj8B/YuxywfMH8vL6qYGjmAxI9gugscwWk:my5KHjixOHwSGjbI9LpP
Static task: static1
Behavioral task: behavioral1
Sample: 66bd2cffb953b2b681a92cd6e52cf456a0932e3e1fe86ad66bc61f2311567ba3.exe
Resource: win10v2004-20230220-en
Malware Config

Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted
Family: redline
Botnet: muse
C2: 176.113.115.145:4125
auth_value: b91988a63a24940038d9262827a5320c
Targets

Target: 66bd2cffb953b2b681a92cd6e52cf456a0932e3e1fe86ad66bc61f2311567ba3
Size: 697KB
MD5: 8c1bf7447051037c9435d545e546c86a
SHA1: 3d9a9cfdca3658e072166b83354d7a21bf1335dd
SHA256: 66bd2cffb953b2b681a92cd6e52cf456a0932e3e1fe86ad66bc61f2311567ba3
SHA512: 31a14b3e42394d5e4a90eba06f56c3f7607164502c06076a788cb8e32f95b8863910f370011e83bcf260968eb20572dd1627e5f30b3105807240b6ca5b7530c0
SSDEEP: 12288:dMrjy90Oi7k6fGV6agj8B/YuxywfMH8vL6qYGjmAxI9gugscwWk:my5KHjixOHwSGjbI9LpP

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.