General
-
Target
5235be3d25acc4cbc5ea285e3b835d6180e5079ef39bcbff19088b126e70743b
-
Size
696KB
-
Sample
230328-pg6pdsce8x
-
MD5
087fbb45f1779da72b3250842e52922f
-
SHA1
e993feb44644bbb564d168ce803c69fa902bea73
-
SHA256
5235be3d25acc4cbc5ea285e3b835d6180e5079ef39bcbff19088b126e70743b
-
SHA512
4d5c58e5b83233363c1671d5715849daf78f81a580f716813f878628a076dc201f6136037db7d17c7193492c2d27ef2888853afca0056797ba19aea688a041cb
-
SSDEEP
12288:SMrfy90ggKiysUDtdnbsLGe7SzuIdD8roMA8YL62zGjgAxI9gzgpdE:9yifUxdnQGe7SzM3QlGjxI988E
Static task
static1
Behavioral task
behavioral1
Sample
5235be3d25acc4cbc5ea285e3b835d6180e5079ef39bcbff19088b126e70743b.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
muse
176.113.115.145:4125
-
auth_value
b91988a63a24940038d9262827a5320c
Targets
-
-
Target
5235be3d25acc4cbc5ea285e3b835d6180e5079ef39bcbff19088b126e70743b
-
Size
696KB
-
MD5
087fbb45f1779da72b3250842e52922f
-
SHA1
e993feb44644bbb564d168ce803c69fa902bea73
-
SHA256
5235be3d25acc4cbc5ea285e3b835d6180e5079ef39bcbff19088b126e70743b
-
SHA512
4d5c58e5b83233363c1671d5715849daf78f81a580f716813f878628a076dc201f6136037db7d17c7193492c2d27ef2888853afca0056797ba19aea688a041cb
-
SSDEEP
12288:SMrfy90ggKiysUDtdnbsLGe7SzuIdD8roMA8YL62zGjgAxI9gzgpdE:9yifUxdnQGe7SzM3QlGjxI988E
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-