General
Target: 204d2aded58943e2399b621b701ab228b2909e3db496ce40afb8ee608d2fed51
Size: 698KB
Sample: 230328-n292wace2v
MD5: 91fd707bfc4859880eb9cd01e31e1a28
SHA1: f6792321cf8c5efc288623fc260892466147808b
SHA256: 204d2aded58943e2399b621b701ab228b2909e3db496ce40afb8ee608d2fed51
SHA512: bcf6773a2696075bb31a704437adfa2ac1832a753e61103c6d943baeec88ca8ef5069bc9dc5fc060d82e472bf775beb0198dc3c324724906a6145acffd1fe8e4
SSDEEP: 12288:bMrly90siwp+pfGGzu86xz1HfDCwyUNL6N9GjnAxI9gEE+cA:eyViwp+kJZ/DCw3+GjcI9LpcA
Static task: static1
Behavioral task: behavioral1
Sample: 204d2aded58943e2399b621b701ab228b2909e3db496ce40afb8ee608d2fed51.exe
Resource: win10-20230220-en
Malware Config
Extracted: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
Botnet: muse
C2: 176.113.115.145:4125
auth_value: b91988a63a24940038d9262827a5320c
Targets
Target: 204d2aded58943e2399b621b701ab228b2909e3db496ce40afb8ee608d2fed51
Size: 698KB
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
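The behaviours and indicators above translate directly into host-side triage logic. The following is an added example, not part of the sandbox report: it takes the C2 from the extracted config (176.113.115.145:4125) and the report's registry, file and process signatures, and runs them over a constructed, generic pipe-delimited event export (timestamp|pid|image|operation|target). The event lines, the Run/RunOnce and wallet-path patterns, and the threshold of three distinct Uninstall subkeys are assumptions for illustration; they are not telemetry from this sample's run.

```python
"""Triage a process event log against the behaviours and C2 in this report.

Added example (not the sandbox's code). The C2 endpoint comes from the report's
extracted RedLine config; the event lines below are CONSTRUCTED in a generic
'ts|pid|image|op|target' shape and are not from the sample's execution.
"""
import re
from collections import defaultdict

# Indicator copied from the report's extracted RedLine config.
REDLINE_C2 = {("176.113.115.145", 4125)}

# Registry paths behind the "Adds Run key" and "Checks installed software"
# signatures. The Uninstall key is named in the report; Run/RunOnce as the
# autostart locations is an assumption.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(?:Once)?\\", re.IGNORECASE)
UNINSTALL_KEY_RE = re.compile(r"\\CurrentVersion\\Uninstall\\([^\\]+)", re.IGNORECASE)

# Wallet locations commonly read by stealers; assumed list, not from the report.
WALLET_HINT_RE = re.compile(
    r"(?:\\Exodus\\|\\Electrum\\|\\Ethereum\\keystore|wallet\.dat)", re.IGNORECASE)

# A single Uninstall lookup is normal for installers; require several distinct
# subkeys before calling it enumeration (assumed threshold).
UNINSTALL_MIN_SUBKEYS = 3

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\|(?P<pid>\d+)\|(?P<image>[^|]+)\|(?P<op>[^|]+)\|(?P<target>.*)$")

# Constructed sample events: a dropper writes and runs stage2.exe, which then
# persists, enumerates software, touches a wallet and beacons to the C2.
# Two benign lines (msiexec, explorer) are included to show what does not fire.
SAMPLE_EVENTS = [
    "2023-03-28T10:00:01|4120|C:\\Users\\user\\Desktop\\sample.exe|FileCreate|C:\\Users\\user\\AppData\\Local\\Temp\\stage2.exe",
    "2023-03-28T10:00:02|4120|C:\\Users\\user\\Desktop\\sample.exe|ProcessCreate|C:\\Users\\user\\AppData\\Local\\Temp\\stage2.exe",
    "2023-03-28T10:00:03|4188|C:\\Users\\user\\AppData\\Local\\Temp\\stage2.exe|RegSetValue|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\stage2",
    "2023-03-28T10:00:04|4188|C:\\Users\\user\\AppData\\Local\\Temp\\stage2.exe|RegEnumKey|HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip",
    "2023-03-28T10:00:04|4188|C:\\Users\\user\\AppData\\Local\\Temp\\stage2.exe|RegEnumKey|HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Google Chrome",
    "2023-03-28T10:00:04|4188|C:\\Users\\user\\AppData\\Local\\Temp\\stage2.exe|RegQueryValue|HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Notepad++\\DisplayName",
    "2023-03-28T10:00:05|4188|C:\\Users\\user\\AppData\\Local\\Temp\\stage2.exe|FileOpen|C:\\Users\\user\\AppData\\Roaming\\Exodus\\exodus.wallet",
    "2023-03-28T10:00:06|4188|C:\\Users\\user\\AppData\\Local\\Temp\\stage2.exe|NetConnect|176.113.115.145:4125",
    "2023-03-28T10:00:07|1234|C:\\Windows\\System32\\msiexec.exe|RegQueryValue|HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip\\DisplayName",
    "2023-03-28T10:00:08|2222|C:\\Windows\\explorer.exe|NetConnect|13.107.21.200:443",
]


def parse_line(line):
    """Parse one 'ts|pid|image|op|target' line; return None for malformed input."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["pid"] = int(ev["pid"])
    return ev


def triage(lines):
    """Return {image: sorted tags} for processes showing the report's behaviours."""
    tags = defaultdict(set)
    uninstall_subkeys = defaultdict(set)   # image -> distinct Uninstall subkeys seen
    dropped_exes = {}                      # lowercased path -> image that wrote it
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        img, op, target = ev["image"], ev["op"], ev["target"]
        if op == "NetConnect":
            host, _, port = target.rpartition(":")
            if port.isdigit() and (host, int(port)) in REDLINE_C2:
                tags[img].add("redline_c2_connection")
        elif op == "RegSetValue" and RUN_KEY_RE.search(target):
            tags[img].add("run_key_persistence")
        elif op in ("RegEnumKey", "RegQueryValue"):
            m = UNINSTALL_KEY_RE.search(target)
            if m:
                uninstall_subkeys[img].add(m.group(1).lower())
        elif op == "FileCreate" and target.lower().endswith(".exe"):
            dropped_exes[target.lower()] = img
        elif op == "ProcessCreate" and target.lower() in dropped_exes:
            tags[img].add("executes_dropped_exe")   # "Executes dropped EXE"
        elif op in ("FileOpen", "FileRead") and WALLET_HINT_RE.search(target):
            tags[img].add("wallet_file_access")
    for img, keys in uninstall_subkeys.items():
        if len(keys) >= UNINSTALL_MIN_SUBKEYS:
            tags[img].add("uninstall_key_enumeration")
    return {img: sorted(t) for img, t in tags.items()}


if __name__ == "__main__":
    for image, hits in triage(SAMPLE_EVENTS).items():
        print(f"{image}: {', '.join(hits)}")
```

The Uninstall threshold and the dropped-then-executed correlation are the two places where a naive one-event rule would be noisy: installers legitimately query single Uninstall entries, and many updaters write and then run an EXE, so in practice the latter is worth keeping as a weak signal that only matters alongside the C2 or Run-key hits.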