General
-
Target
8ab1e86a5d34b7a131910c8ce4d8e9000e2f37aa8870bb73a6b868b50db2f014
-
Size
697KB
-
Sample
230328-n1f3eacd9z
-
MD5
dbe1938aeace3ca58b054ec0bb0d2ac0
-
SHA1
ed7607a0ca45d5769a1d01ad50f03f9488495a99
-
SHA256
8ab1e86a5d34b7a131910c8ce4d8e9000e2f37aa8870bb73a6b868b50db2f014
-
SHA512
b0d8d2adc5a78f3a4fbf957c59f91fce7eef089b660278f20c9c268ddefb842ffbf57c44f25509e769c1b0e96387122988cad1596e3ad2e9a8278704553f8749
-
SSDEEP
12288:CMrly90iAdsN+dJlZnC74prGdV+ygnLv3L6VMGj6AxI9gVOL5rC2:PyJAWMdJznXrWVPeLTNGj3I9UA5X
Static task
static1
Behavioral task
behavioral1
Sample
8ab1e86a5d34b7a131910c8ce4d8e9000e2f37aa8870bb73a6b868b50db2f014.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
muse
176.113.115.145:4125
-
auth_value
b91988a63a24940038d9262827a5320c
Targets
-
-
Target
8ab1e86a5d34b7a131910c8ce4d8e9000e2f37aa8870bb73a6b868b50db2f014
-
Size
697KB
-
MD5
dbe1938aeace3ca58b054ec0bb0d2ac0
-
SHA1
ed7607a0ca45d5769a1d01ad50f03f9488495a99
-
SHA256
8ab1e86a5d34b7a131910c8ce4d8e9000e2f37aa8870bb73a6b868b50db2f014
-
SHA512
b0d8d2adc5a78f3a4fbf957c59f91fce7eef089b660278f20c9c268ddefb842ffbf57c44f25509e769c1b0e96387122988cad1596e3ad2e9a8278704553f8749
-
SSDEEP
12288:CMrly90iAdsN+dJlZnC74prGdV+ygnLv3L6VMGj6AxI9gVOL5rC2:PyJAWMdJznXrWVPeLTNGj3I9UA5X
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-