General
- Target: a1c2137af99ca160899b6a826e3c1bdf7e98f3d1401508d5ed80afbaff2b8cb0
- Size: 697KB
- Sample: 230328-nn3ewacd4t
- MD5: 0ebd8340abfaa6e0236adb2e8e874046
- SHA1: c3f1c47e4929db078f8db1f944f9878370e002c7
- SHA256: a1c2137af99ca160899b6a826e3c1bdf7e98f3d1401508d5ed80afbaff2b8cb0
- SHA512: d357ec6703ef90b98546a4c62da151ccea9a214b1f1c88170c67dd615a530d3e95bb012549981a9f077fb01de7830991ef546ab05ee7d17f8fa301fa500548a8
- SSDEEP: 12288:dMrjy903TShUFyL0YfT8B/YixyGaSSTmLL643GjJAxI9goIRq:Gy8yV0YfT2x3aS9XGjCI95sq
Static task: static1
Behavioral task: behavioral1
- Sample: a1c2137af99ca160899b6a826e3c1bdf7e98f3d1401508d5ed80afbaff2b8cb0.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
- rosn
- 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
- muse
- 176.113.115.145:4125
- auth_value: b91988a63a24940038d9262827a5320c
Targets
- Target: a1c2137af99ca160899b6a826e3c1bdf7e98f3d1401508d5ed80afbaff2b8cb0
- Size: 697KB
- MD5: 0ebd8340abfaa6e0236adb2e8e874046
- SHA1: c3f1c47e4929db078f8db1f944f9878370e002c7
- SHA256: a1c2137af99ca160899b6a826e3c1bdf7e98f3d1401508d5ed80afbaff2b8cb0
- SHA512: d357ec6703ef90b98546a4c62da151ccea9a214b1f1c88170c67dd615a530d3e95bb012549981a9f077fb01de7830991ef546ab05ee7d17f8fa301fa500548a8
- SSDEEP: 12288:dMrjy903TShUFyL0YfT8B/YixyGaSSTmLL643GjJAxI9goIRq:Gy8yV0YfT2x3aS9XGjCI95sq
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.