General
Target: 472d3ed097a2bc9fce1fbc3f389b78eaec27586cf39010a593aeec993e8f9e90
Size: 699KB
Sample: 230328-pbbl3ace5z
MD5: 965feada1c45d170931975b589e851d9
SHA1: 66bd13882bb05bc2c69840f432e51b49096f2290
SHA256: 472d3ed097a2bc9fce1fbc3f389b78eaec27586cf39010a593aeec993e8f9e90
SHA512: bd3911b8324b23721a81b07742e908e296f4f7070059a894a6d1525643411831cee3171f39dd5dbf4b5e7b3d008b471705f65320a876ffdbe91a92748f559f59
SSDEEP: 12288:mMrvy90pSIRoOFjyV1N8xrff90NmzChyNb5tYwL6eCGjQAxI9gNgZYb:hy+RNK1NS9qmGAuG4GjhI90d
Static task: static1
Behavioral task: behavioral1
Sample: 472d3ed097a2bc9fce1fbc3f389b78eaec27586cf39010a593aeec993e8f9e90.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
muse
176.113.115.145:4125
auth_value: b91988a63a24940038d9262827a5320c
Targets
Target: 472d3ed097a2bc9fce1fbc3f389b78eaec27586cf39010a593aeec993e8f9e90
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.