General
Target: ae087ec7c9204b37367db264df7cc8156a344a0ed52ee03f1c272731bf3e4d55
Size: 698KB
Sample: 230328-m2ltlscc31
MD5: a4df163bceba0f42236b1cc5807d098b
SHA1: 0744191d1599a705b4c3b5f77ece1464d72a5d80
SHA256: ae087ec7c9204b37367db264df7cc8156a344a0ed52ee03f1c272731bf3e4d55
SHA512: 12f8fc62ee77051c756d0527cdc1ca843fd0ffc1f336c0f03a7685b8ef24c14333e8ca0cf0d3967191057b48b5d6b92d1031a4b7e367f6880130ee0d48253c35
SSDEEP: 12288:cMryy90zeVEYmLmRCtoh82Fz1ckd5Q6/CYL6exGjeAxI9gdLUaim3:OyWe27ruhhZTW61zGjzI9+YK3
Static task: static1
Behavioral task: behavioral1
Sample: ae087ec7c9204b37367db264df7cc8156a344a0ed52ee03f1c272731bf3e4d55.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
muse
176.113.115.145:4125
auth_value: b91988a63a24940038d9262827a5320c
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.