General
Target: 92f77f58e8f94199df95cc411dc8436b735dbe497fafb4a7e1c2284a39645d09
Size: 698KB
Sample: 230328-pdpayaah75
MD5: 184ff033deccdc475e5ed0ab16bb1e2e
SHA1: 8e73742a90de51da7564125c81076869ba694207
SHA256: 92f77f58e8f94199df95cc411dc8436b735dbe497fafb4a7e1c2284a39645d09
SHA512: 97a2a0c58bfb4ad1fa6f19d740037c8b3102d2df0b25210cd66b504287e1b2929579e69a7caa747e856f480b2e89aa252bcc7eeaf87e3324f9e25040bbaa6ae1
SSDEEP: 12288:3MrXy90WqTJ4pphxomkhdFtkG8G/70XcRL6PmGjxAxI9gbFWBMNJf:0yxpT+vDYPoJGjKI96Td

Static task: static1
Behavioral task: behavioral1
Sample: 92f77f58e8f94199df95cc411dc8436b735dbe497fafb4a7e1c2284a39645d09.exe
Resource: win10v2004-20230220-en

Malware Config
Extracted: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted: redline
muse
176.113.115.145:4125
auth_value: b91988a63a24940038d9262827a5320c
Targets
Target: 92f77f58e8f94199df95cc411dc8436b735dbe497fafb4a7e1c2284a39645d09
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.