General
Target: c016e628270d6b742daa760567c342832962177cb243a10eda1370d8ba827aaf
Size: 698KB
Sample: 230328-mmndwscb71
MD5: 1317180aae8f24b62bd407f6dc74c574
SHA1: 79ee2bb98f83f7da9516f4602b6907bcc9937c0b
SHA256: c016e628270d6b742daa760567c342832962177cb243a10eda1370d8ba827aaf
SHA512: a9645eb122a4e95c5b02eaeb42e4726dc1569150e8a6e37c09ea78c8253f61a189c8b7ca0f6a092690134f01aa41737dd5aab6e5315532739a8a1e60df4772e4
SSDEEP: 12288:AMrQy906C83jfyFUvE8y/z1rgZeeqL65FGjDAxI9gypsjtEY8:Ay5R8UvEXZrMyuGjgI9l6iY8
Static task: static1
Behavioral task: behavioral1
Sample: c016e628270d6b742daa760567c342832962177cb243a10eda1370d8ba827aaf.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
muse
176.113.115.145:4125
auth_value: b91988a63a24940038d9262827a5320c
Targets
Target: c016e628270d6b742daa760567c342832962177cb243a10eda1370d8ba827aaf
Size: 698KB
MD5: 1317180aae8f24b62bd407f6dc74c574
SHA1: 79ee2bb98f83f7da9516f4602b6907bcc9937c0b
SHA256: c016e628270d6b742daa760567c342832962177cb243a10eda1370d8ba827aaf
SHA512: a9645eb122a4e95c5b02eaeb42e4726dc1569150e8a6e37c09ea78c8253f61a189c8b7ca0f6a092690134f01aa41737dd5aab6e5315532739a8a1e60df4772e4
SSDEEP: 12288:AMrQy906C83jfyFUvE8y/z1rgZeeqL65FGjDAxI9gypsjtEY8:Ay5R8UvEXZrMyuGjgI9l6iY8
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.