General
Target: 3abdd3e1e4f94c4cb33eff3d9dc453546ef7767fe59ce9d8d1e3948499c1121c
Size: 698KB
Sample: 230328-my6dvaae57
MD5: 239df7b49cfba5f1b2c9220884577368
SHA1: 50559308ccd2dde38bbe5a4566d354620d81b3ad
SHA256: 3abdd3e1e4f94c4cb33eff3d9dc453546ef7767fe59ce9d8d1e3948499c1121c
SHA512: 63836322a43024e648e590b2009d209ce98f219e668dc44b9cc6a40b969f45d7d98f8e9a5cea8a1b71e8eb0a72c48ca805f9957889f643f2f064a5f96aa13f18
SSDEEP: 12288:kMrky90PRHhfpz/RCaBT8dSz10xykIkbqcL6TyGj3AxI9gXVkkDfYopo:Qy0/PCaBT5Zsv9xGjsI90ik7Yom
Static task: static1
Behavioral task: behavioral1
Sample: 3abdd3e1e4f94c4cb33eff3d9dc453546ef7767fe59ce9d8d1e3948499c1121c.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
muse
176.113.115.145:4125
auth_value: b91988a63a24940038d9262827a5320c
Targets
Target: 3abdd3e1e4f94c4cb33eff3d9dc453546ef7767fe59ce9d8d1e3948499c1121c
Size: 698KB
MD5: 239df7b49cfba5f1b2c9220884577368
SHA1: 50559308ccd2dde38bbe5a4566d354620d81b3ad
SHA256: 3abdd3e1e4f94c4cb33eff3d9dc453546ef7767fe59ce9d8d1e3948499c1121c
SHA512: 63836322a43024e648e590b2009d209ce98f219e668dc44b9cc6a40b969f45d7d98f8e9a5cea8a1b71e8eb0a72c48ca805f9957889f643f2f064a5f96aa13f18
SSDEEP: 12288:kMrky90PRHhfpz/RCaBT8dSz10xykIkbqcL6TyGj3AxI9gXVkkDfYopo:Qy0/PCaBT5Zsv9xGjsI90ik7Yom
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.