General
-
Target
795ed6e9358d37f23a259ea77e8a47ef4c56503fa8cee5620bc6b20187d3e488
-
Size
698KB
-
Sample
230328-pekddace7v
-
MD5
afdbd4fdd25fca51eb5cff90be3e3578
-
SHA1
5e4e7264cff8aafe7fc13b4a3028f7dc37e2851a
-
SHA256
795ed6e9358d37f23a259ea77e8a47ef4c56503fa8cee5620bc6b20187d3e488
-
SHA512
16b908b88fd66c9c904397b0522aa472344dd33e3b0ba50f8b57983a05612703270f4b8b2028bb6eeca565a9f79a0c491daef6b09be8cb44e560baee2ff9ad08
-
SSDEEP
12288:VMrpy90HBO3sbx/FHB35LfZtwNJZmSg9+L6OyGjtAxI9gjXFKO1WD:MyF3sbB35LfgxmkYGjeI90sOE
Static task
static1
Behavioral task
behavioral1
Sample
795ed6e9358d37f23a259ea77e8a47ef4c56503fa8cee5620bc6b20187d3e488.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
muse
176.113.115.145:4125
-
auth_value
b91988a63a24940038d9262827a5320c
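The two Extracted blocks above share one C2 endpoint and differ only in botnet name and auth_value. The following Python (an added example, not part of the original report or of any sandbox's own tooling) parses that block layout as it appears on this page into structured records, de-duplicates the C2, flattens the IOCs, and emits a Suricata rule for the endpoint. REPORT_CONFIG is the report's own two configs re-typed as constructed input; the Suricata rule wording, msg text and sid range are assumptions of this example.

```python
"""Turn the report's 'Malware Config' section into IOCs and a network rule.

Added example (not the report's or any sandbox's code). REPORT_CONFIG is the
two RedLine configs above, re-typed as constructed input in the page's own
layout; the Suricata rule text, msg and sid range are assumptions.
"""
import re
from dataclasses import dataclass

REPORT_CONFIG = """\
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
muse
176.113.115.145:4125
-
auth_value
b91988a63a24940038d9262827a5320c
"""

C2_RE = re.compile(r"^(?P<host>[0-9A-Za-z.\-]+):(?P<port>\d{1,5})$")
AUTH_RE = re.compile(r"^[0-9a-f]{32}$")  # RedLine auth_value: 32 hex chars


@dataclass(frozen=True)
class RedLineConfig:
    family: str
    botnet: str
    c2_host: str
    c2_port: int
    auth_value: str


def parse_configs(text):
    """Split the section on 'Extracted' markers. Each block is family,
    botnet, host:port, then key/value pairs; '-' lines are page layout."""
    blocks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "-":
            continue
        if line == "Extracted":
            current = []
            blocks.append(current)
        elif current is not None:
            current.append(line)
    configs = []
    for block in blocks:
        if len(block) < 5:
            raise ValueError(f"truncated config block: {block}")
        family, botnet, c2, *rest = block
        m = C2_RE.match(c2)
        if not m or not 0 < int(m["port"]) < 65536:
            raise ValueError(f"unrecognised C2 endpoint: {c2!r}")
        fields = dict(zip(rest[0::2], rest[1::2]))  # e.g. auth_value -> hex
        auth = fields.get("auth_value", "")
        if not AUTH_RE.match(auth):
            raise ValueError(f"missing or malformed auth_value in {block}")
        configs.append(RedLineConfig(family, botnet, m["host"], int(m["port"]), auth))
    return configs


def c2_endpoints(configs):
    """Distinct (host, port) pairs; both botnets here collapse to one C2."""
    return sorted({(c.c2_host, c.c2_port) for c in configs})


def iocs(configs):
    """Flat IOC list (C2 sockets plus auth_values) for a blocklist or hunt."""
    out = {f"{h}:{p}" for h, p in c2_endpoints(configs)}
    out |= {c.auth_value for c in configs}
    return sorted(out)


def suricata_rules(configs, base_sid=9000000):
    """One rule per C2 endpoint (rule wording is this example's assumption)."""
    rules = []
    for n, (host, port) in enumerate(c2_endpoints(configs), start=1):
        botnets = "/".join(sorted(c.botnet for c in configs
                                  if (c.c2_host, c.c2_port) == (host, port)))
        rules.append(
            f'alert tcp $HOME_NET any -> {host} {port} '
            f'(msg:"RedLine Stealer C2 contact (botnet {botnets})"; '
            f'flow:to_server,established; classtype:trojan-activity; '
            f'sid:{base_sid + n}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    cfgs = parse_configs(REPORT_CONFIG)
    for c in cfgs:
        print(c)
    print(*iocs(cfgs), sep="\n")
    print(*suricata_rules(cfgs), sep="\n")
```

Because both configs resolve to the same socket, one network rule covers both botnets; the auth_value strings are kept as separate IOCs since they distinguish the two campaigns when the C2 is shared.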
Targets
-
Target
795ed6e9358d37f23a259ea77e8a47ef4c56503fa8cee5620bc6b20187d3e488
-
Size
698KB
-
MD5
afdbd4fdd25fca51eb5cff90be3e3578
-
SHA1
5e4e7264cff8aafe7fc13b4a3028f7dc37e2851a
-
SHA256
795ed6e9358d37f23a259ea77e8a47ef4c56503fa8cee5620bc6b20187d3e488
-
SHA512
16b908b88fd66c9c904397b0522aa472344dd33e3b0ba50f8b57983a05612703270f4b8b2028bb6eeca565a9f79a0c491daef6b09be8cb44e560baee2ff9ad08
-
SSDEEP
12288:VMrpy90HBO3sbx/FHB35LfZtwNJZmSg9+L6OyGjtAxI9gjXFKO1WD:MyF3sbB35LfgxmkYGjeI90sOE
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up entries under the registry's Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate installed software on the system.
-
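The "Adds Run key to start application" and "Executes dropped EXE" signatures together describe user-level persistence: a dropped executable registered under a Run key so it starts with the session. The following Python (an added example, not the report's or the sandbox's code) enumerates the Run/RunOnce keys with the standard-library winreg module when run on Windows and, on any platform, applies the same triage rules to SAMPLE_ENTRIES. Those sample values, names and paths are constructed; the report does not give the dropped file's path or the Run value name.

```python
"""Triage Run/RunOnce autostart entries (the 'Adds Run key' persistence above).

Added example, not the report's or the sandbox's code. On Windows it reads the
keys with the standard-library winreg module; elsewhere it runs over
SAMPLE_ENTRIES, which are constructed (the report does not give the dropped
file's path or the Run value name).
"""
import re
import sys
from dataclasses import dataclass

RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"
RUN_KEYS = [(hive, key) for hive in ("HKCU", "HKLM")
            for key in (RUN_KEY, RUN_KEY + "Once")]

# Directories an unprivileged process can write to: the usual home of a
# dropped EXE that a stealer registers for persistence.
USER_WRITABLE = re.compile(
    r"\\(AppData|Local Settings|Temp|ProgramData|Users\\Public|Downloads)\\", re.I)
# Launchers that hide the real payload in their arguments.
LAUNCHERS = re.compile(
    r"(^|\\)(wscript|cscript|mshta|powershell|pwsh|cmd|rundll32|regsvr32)(\.exe)?$", re.I)
EXE_RE = re.compile(r'^(?:"(?P<quoted>[^"]+)"|(?P<bare>\S+))')


@dataclass(frozen=True)
class RunEntry:
    hive: str
    key: str
    name: str
    command: str


SAMPLE_ENTRIES = [  # constructed, for running the triage off-box
    RunEntry("HKLM", RUN_KEY, "SecurityHealth",
             r"C:\Windows\System32\SecurityHealthSystray.exe"),
    RunEntry("HKCU", RUN_KEY, "updater",
             r'"C:\Users\victim\AppData\Roaming\updater\updater.exe"'),
    RunEntry("HKCU", RUN_KEY, "helper",
             r"wscript.exe //B C:\Users\victim\AppData\Local\Temp\helper.vbs"),
]


def executable_path(command):
    """First token of the command line. Unquoted paths containing spaces are
    ambiguous by design (CreateProcess tries each space-split prefix), so
    only the first token is returned for those."""
    m = EXE_RE.match(command.strip())
    if not m:
        return ""
    return m.group("quoted") or m.group("bare")


def classify(entry):
    """Reasons an entry deserves a look; an empty list means nothing stood out."""
    exe = executable_path(entry.command)
    reasons = []
    if USER_WRITABLE.search(entry.command):
        reasons.append("runs from a user-writable directory")
    if "\\" not in exe:
        reasons.append("bare filename resolved through PATH or the working directory")
    if LAUNCHERS.search(exe):
        reasons.append("script/LOLBin launcher; payload is in the arguments")
    if entry.hive == "HKCU" and reasons:
        reasons.append("per-user key, writable without admin rights")
    return reasons


def triage(entries):
    """Return (entry, reasons) for every entry that tripped at least one check."""
    flagged = []
    for entry in entries:
        reasons = classify(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


def collect_run_entries():
    """Enumerate the Run/RunOnce values via winreg (Windows only).
    A 32-bit Python sees the WOW6432Node view of HKLM."""
    import winreg
    hives = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}
    entries = []
    for hive, key in RUN_KEYS:
        try:
            handle = winreg.OpenKey(hives[hive], key)
        except OSError:
            continue  # key absent (RunOnce often is)
        with handle:
            index = 0
            while True:
                try:
                    name, value, _ = winreg.EnumValue(handle, index)
                except OSError:
                    break  # no more values
                entries.append(RunEntry(hive, key, name, str(value)))
                index += 1
    return entries


if __name__ == "__main__":
    entries = collect_run_entries() if sys.platform == "win32" else SAMPLE_ENTRIES
    for entry, reasons in triage(entries):
        print(f"{entry.hive}\\{entry.key}\\{entry.name}: {entry.command}")
        for reason in reasons:
            print("   -", reason)
```

The checks are deliberately coarse: a Run value pointing into AppData or Temp is not proof of compromise, but it is the shape this report's persistence takes, so these are the entries to pull the binary from and hash against the values in the report.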