General
-
Target
318e781b8424d524893bf708eb1c4e0c1ffd76182036f131e3da8228f2c4d246
-
Size
697KB
-
Sample
230328-pc33psah73
-
MD5
22d45522c5a93ad97b2133d22a31d7ef
-
SHA1
bab66d3ed72732a0e5cc5803a1a6f4bde703cbcf
-
SHA256
318e781b8424d524893bf708eb1c4e0c1ffd76182036f131e3da8228f2c4d246
-
SHA512
7da6a417cb2bf66247f410af7dbad714aee3e778d5b03bb223642efdf79f67ab98d307faffa70674168a4dce421d297683a72d3d1380c17d896d60d16f7f5392
-
SSDEEP
12288:gMrDy903EBXEC6FyWqz8rylrZZhrp/YHx8m4sL652GjkAxI9gCsCL+UKJrhCG5:zysQCyWxArZHMxNvDGj9I9Bz+DrhV
Static task
static1
Behavioral task
behavioral1
Sample
318e781b8424d524893bf708eb1c4e0c1ffd76182036f131e3da8228f2c4d246.exe
Resource
win10v2004-20230221-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
muse
176.113.115.145:4125
-
auth_value
b91988a63a24940038d9262827a5320c
Targets
-
-
Target
318e781b8424d524893bf708eb1c4e0c1ffd76182036f131e3da8228f2c4d246
-
Size
697KB
-
MD5
22d45522c5a93ad97b2133d22a31d7ef
-
SHA1
bab66d3ed72732a0e5cc5803a1a6f4bde703cbcf
-
SHA256
318e781b8424d524893bf708eb1c4e0c1ffd76182036f131e3da8228f2c4d246
-
SHA512
7da6a417cb2bf66247f410af7dbad714aee3e778d5b03bb223642efdf79f67ab98d307faffa70674168a4dce421d297683a72d3d1380c17d896d60d16f7f5392
-
SSDEEP
12288:gMrDy903EBXEC6FyWqz8rylrZZhrp/YHx8m4sL652GjkAxI9gCsCL+UKJrhCG5:zysQCyWxArZHMxNvDGj9I9Bz+DrhV
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-