General
-
Target
b1e26ec8936d82e778b606e0153513b8cd28914096802281ed4adf8805e30471
-
Size
700KB
-
Sample
230328-ma1hpaad46
-
MD5
f40b657edf8e22e54060ab56944b5395
-
SHA1
3b48cc39a5476080decb9674dce9ad546a78c35f
-
SHA256
b1e26ec8936d82e778b606e0153513b8cd28914096802281ed4adf8805e30471
-
SHA512
c57f668705a746453b4bcb3c578c91a97060e99c09e15d017a8ca4a67dd27de9ecded50e25f5015da0619f4616db4102d72c5f37bf371d04cd62604b0a02946b
-
SSDEEP
12288:QMrRy90jg3L1TRMt8UX6so0GjSFlNJEmDVg9im6YyGj7yxv9ghaa82eWDi:Ry116tBKQRgncGjav9YP5eD
Static task
static1
Behavioral task
behavioral1
Sample
b1e26ec8936d82e778b606e0153513b8cd28914096802281ed4adf8805e30471.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
muse
176.113.115.145:4125
-
auth_value
b91988a63a24940038d9262827a5320c
Targets
-
-
Target
b1e26ec8936d82e778b606e0153513b8cd28914096802281ed4adf8805e30471
-
Size
700KB
-
MD5
f40b657edf8e22e54060ab56944b5395
-
SHA1
3b48cc39a5476080decb9674dce9ad546a78c35f
-
SHA256
b1e26ec8936d82e778b606e0153513b8cd28914096802281ed4adf8805e30471
-
SHA512
c57f668705a746453b4bcb3c578c91a97060e99c09e15d017a8ca4a67dd27de9ecded50e25f5015da0619f4616db4102d72c5f37bf371d04cd62604b0a02946b
-
SSDEEP
12288:QMrRy90jg3L1TRMt8UX6so0GjSFlNJEmDVg9im6YyGj7yxv9ghaa82eWDi:Ry116tBKQRgncGjav9YP5eD
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-