General
-
Target
cd80d176cccb5c89e3c2fd3e27f8e5d17b9215c1678641efee8a94882463f62d
-
Size
751KB
-
Sample
230328-pfkqjace7z
-
MD5
f721c15a98c02627aae70706e42882b6
-
SHA1
b1fa689a4f9e5e88b842ec5986e30782e4cddd4f
-
SHA256
cd80d176cccb5c89e3c2fd3e27f8e5d17b9215c1678641efee8a94882463f62d
-
SHA512
5e76150b151294bb2a6c769b4ac9952c14c3a8d7b9d4cb181f724851cfa303a5bab9f6c87062a772ca3642a8f2b7ab6e66ec8e98a6d66f1fa231df5818625259
-
SSDEEP
12288:F9+hlaQ6fT0YC+EwRi8Zc5yNlcDxc6hwYcUNLwEgbUt28ivEZgoxhvzzFM:yraQGIAEQi8ZcalwxZ+4gbUt28oEZ1vu
Static task
static1
Behavioral task
behavioral1
Sample
cd80d176cccb5c89e3c2fd3e27f8e5d17b9215c1678641efee8a94882463f62d.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
muse
176.113.115.145:4125
-
auth_value
b91988a63a24940038d9262827a5320c
Targets
-
-
Target
cd80d176cccb5c89e3c2fd3e27f8e5d17b9215c1678641efee8a94882463f62d
-
Size
751KB
-
MD5
f721c15a98c02627aae70706e42882b6
-
SHA1
b1fa689a4f9e5e88b842ec5986e30782e4cddd4f
-
SHA256
cd80d176cccb5c89e3c2fd3e27f8e5d17b9215c1678641efee8a94882463f62d
-
SHA512
5e76150b151294bb2a6c769b4ac9952c14c3a8d7b9d4cb181f724851cfa303a5bab9f6c87062a772ca3642a8f2b7ab6e66ec8e98a6d66f1fa231df5818625259
-
SSDEEP
12288:F9+hlaQ6fT0YC+EwRi8Zc5yNlcDxc6hwYcUNLwEgbUt28ivEZgoxhvzzFM:yraQGIAEQi8ZcalwxZ+4gbUt28oEZ1vu
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-