General

Target: c6ffa7074b4b0bcda78e5649a60a25f48f80cbb6d71341eba9e33699a3450609
Size: 698KB
Sample: 230328-nynz8sag64
MD5: 1d9edd70b0c7f551e9d77a951081b857
SHA1: 3bac803b79eb5da4276e64c63c9b9a9b1895aedc
SHA256: c6ffa7074b4b0bcda78e5649a60a25f48f80cbb6d71341eba9e33699a3450609
SHA512: 8f8e13b0629ef464dae8d84dc0d95b11ff00ae9d308591de523ae56cb86f38197cf47c2e044debb4c171131247587b050f18f23596ca836d23b38633d0ead54f
SSDEEP: 12288:qMrey90koQ8L7+98mm4F0LROqfsiSIwjBdpL6uGGjWAxI9gAFGN6FWhMm:MyxkO8b42dvfCjBT2GjLI9z1Whb
Static task: static1
Behavioral task: behavioral1
Sample: c6ffa7074b4b0bcda78e5649a60a25f48f80cbb6d71341eba9e33699a3450609.exe
Resource: win10v2004-20230220-en
Malware Config

Extracted: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted: redline
muse
176.113.115.145:4125
auth_value: b91988a63a24940038d9262827a5320c
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.