General
Target: bbfc8af0250a2bcf24ea6aefb60f4359b01d66ac91ad70330ecfa8d681a6eb53
Size: 699KB
Sample: 230328-nmzmlacd3z
MD5: dd88b99d904e43b260f59217cfd2ea1d
SHA1: 3c322a81f48c552b0ea8cf17a2ce49a072c07a36
SHA256: bbfc8af0250a2bcf24ea6aefb60f4359b01d66ac91ad70330ecfa8d681a6eb53
SHA512: eeb2a245c18f610361abaeb37e50d0d357f36c74c1450de84e983c49116ed74149bcd7660212043ab614f788074c0a4802dd1e7fc81650636fc96f485ca36f28
SSDEEP: 12288:EMrRy90MbCH9q/YI0bthkvLnHu9RFHLcD37G/2L6Z/GjtAxI9gPVQNZBgkKrX:NyVbM95ViaRpC7G/8uGjeI9gSZ6kKD
Static task: static1
Behavioral task: behavioral1
Sample: bbfc8af0250a2bcf24ea6aefb60f4359b01d66ac91ad70330ecfa8d681a6eb53.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
Family: redline
Botnet: muse
C2: 176.113.115.145:4125
auth_value: b91988a63a24940038d9262827a5320c
Targets
Target: bbfc8af0250a2bcf24ea6aefb60f4359b01d66ac91ad70330ecfa8d681a6eb53 (699KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
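The extracted configs and the behavioural signatures above are the raw material for hunting rules. The following is an added example, not code from the report or from the sandbox vendor: it takes the indicators the report states (the shared C2 176.113.115.145:4125 for both the rosn and muse configs, the sample SHA256, the Run-key write and the Uninstall-key enumeration) and runs them over a handful of constructed Sysmon-style events. The event dict shape, the field names (`type`, `pid`, `key`, `dst_ip`, ...) and every sample event are assumptions for illustration; real telemetry would be mapped onto that shape first. It also encodes the caveat a practitioner needs here: Uninstall-key reads and Run-key writes are routine for installers and inventory agents, so they only raise a verdict in combination or alongside a strong indicator such as the C2 connection.

```python
"""Turn the indicators in the report above into simple hunting rules.

Added example: this is not code from the original report or from the
sandbox vendor. The C2 endpoint, the sample hash and the two registry
behaviours come from the report; the event format, field names and every
sample event below are CONSTRUCTED for illustration.
"""
import re

# Indicators stated by the report. Both extracted configs (rosn, muse) share one C2.
C2_IP = "176.113.115.145"
C2_PORT = 4125
SAMPLE_SHA256 = "bbfc8af0250a2bcf24ea6aefb60f4359b01d66ac91ad70330ecfa8d681a6eb53"

# "Adds Run key to start application": a value written under ...\CurrentVersion\Run or \RunOnce.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
# "Checks installed software": reads of ...\CurrentVersion\Uninstall\<product>.
UNINSTALL_KEY_RE = re.compile(r"\\CurrentVersion\\Uninstall\\", re.IGNORECASE)

# Indicators strong enough on their own to call a process malicious.
STRONG = {"redline_c2_connection", "known_sample_executed"}


def classify(event):
    """Return the report signatures a single event matches (possibly none).

    `event` is an assumed dict with a `type` of process_create, registry_set,
    registry_query or network plus the fields used below; Sysmon event IDs
    1, 3, 12 and 13 would be normalised into this shape before calling this.
    """
    hits = []
    etype = event.get("type")
    if (etype == "network" and event.get("dst_ip") == C2_IP
            and event.get("dst_port") == C2_PORT):
        hits.append("redline_c2_connection")
    if etype == "process_create" and event.get("sha256", "").lower() == SAMPLE_SHA256:
        hits.append("known_sample_executed")
    if etype == "registry_set" and RUN_KEY_RE.search(event.get("key", "")):
        hits.append("adds_run_key")
    if etype == "registry_query" and UNINSTALL_KEY_RE.search(event.get("key", "")):
        hits.append("enumerates_installed_software")
    return hits


def triage(events):
    """Aggregate hits per process and return {pid: verdict}.

    Uninstall-key enumeration and Run-key writes are also done by installers
    and inventory agents, so alone they are only informational; the pair
    together, or any strong indicator, is what raises the verdict.
    """
    hits_by_pid = {}
    for ev in events:
        hits_by_pid.setdefault(ev["pid"], set()).update(classify(ev))
    verdicts = {}
    for pid, hits in hits_by_pid.items():
        if hits & STRONG:
            verdicts[pid] = "malicious"
        elif {"adds_run_key", "enumerates_installed_software"} <= hits:
            verdicts[pid] = "suspicious"
        elif hits:
            verdicts[pid] = "informational"
        else:
            verdicts[pid] = "clean"
    return verdicts


# Constructed events: one process behaving like the sample, one benign inventory agent.
SAMPLE_EVENTS = [
    {"pid": 4120, "type": "process_create",
     "image": r"C:\Users\user\AppData\Local\Temp\sample.exe", "sha256": SAMPLE_SHA256},
    {"pid": 4120, "type": "registry_query",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"pid": 4120, "type": "registry_set",
     "key": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater",
     "value": r"C:\Users\user\AppData\Roaming\updater.exe"},
    {"pid": 4120, "type": "network", "dst_ip": "176.113.115.145", "dst_port": 4125},
    {"pid": 7788, "type": "process_create",
     "image": r"C:\Program Files\Inventory\agent.exe", "sha256": "00" * 32},
    {"pid": 7788, "type": "registry_query",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++"},
    {"pid": 7788, "type": "network", "dst_ip": "10.0.0.5", "dst_port": 443},
]

if __name__ == "__main__":
    for pid, verdict in sorted(triage(SAMPLE_EVENTS).items()):
        matched = set().union(*(classify(e) for e in SAMPLE_EVENTS if e["pid"] == pid))
        print(pid, verdict, sorted(matched))
```

Running the block yields `malicious` for the process that executes the known sample and reaches the C2, and only `informational` for the inventory agent that reads the same Uninstall keys, which is the behaviour you want before wiring the rule into an alerting pipeline. The port match is deliberate: RedLine C2 hosts change often, and an IP-only rule both decays quickly and fires on unrelated traffic to a reused address.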