General
Target: 5d2b43bd3f39ebc9841bdd636084ea5620513b4f166e06262c95ff585e8ff310
Size: 698KB
Sample: 230328-m4hvqscc5s
MD5: f33efd3d79311fa121bf5e634cb35132
SHA1: ef4fe0cbe13d2c47c7c10cecc07c689a1f76e2f6
SHA256: 5d2b43bd3f39ebc9841bdd636084ea5620513b4f166e06262c95ff585e8ff310
SHA512: ac343782c131d0c82651b050ed7f1c34e2bc1b816a8dc89bee451ae0055931773df7bf8bef5dbd2f9b46479046aabee55a431e587bc0a8c1196cbbaf2adae887
SSDEEP: 12288:6MrVy90NsqYd5cXO8Nez1wgysd/L66VGjeAxI9gV6Ivnzrx0:XyAGvcXODZ1yCrGjzI9Ev7ru

Static task: static1
Behavioral task: behavioral1
Sample: 5d2b43bd3f39ebc9841bdd636084ea5620513b4f166e06262c95ff585e8ff310.exe
Resource: win10-20230220-en
Malware Config

Extracted: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted: redline
muse
176.113.115.145:4125
auth_value: b91988a63a24940038d9262827a5320c
Targets
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.