General
Target: 8f51ebf457ab0bf3864a1f624f99c935d70c8b4dcd60bbb006013d6a4b8d30c8
Size: 751KB
Sample: 230328-pcz12sce6w
MD5: faf5d12f83d76c29b793579ff17a847c
SHA1: d440ad7fe6ff7708fe5f002eb782e043f11897f1
SHA256: 8f51ebf457ab0bf3864a1f624f99c935d70c8b4dcd60bbb006013d6a4b8d30c8
SHA512: 1cc5191192cd3c6f77cf6aaa3202dc6ddf5237c8e58130773ee5df29032a60c2984e82292f07a71a791c2975619f76df678df51e3df571f726382cddd92afb76
SSDEEP: 12288:F9+hlaQ6fT0YC+EwRi8Zc5yNlcDxc6hwYcUNLwEgbUt28ivEZgoxhvzzFM:yraQGIAEQi8ZcalwxZ+4gbUt28oEZ1vu
Static task: static1
Behavioral task: behavioral1
Sample: 8f51ebf457ab0bf3864a1f624f99c935d70c8b4dcd60bbb006013d6a4b8d30c8.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline, rosn, 176.113.115.145:4125, auth_value 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline, muse, 176.113.115.145:4125, auth_value b91988a63a24940038d9262827a5320c
Targets
Target: 8f51ebf457ab0bf3864a1f624f99c935d70c8b4dcd60bbb006013d6a4b8d30c8
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.