General
- Target: 0a43af332529fa84ae68829f0e4cd17662f5009f8b8863afecb0e29b1c5d1f21
- Size: 696KB
- Sample: 230328-pmkdcaba24
- MD5: a5749cb502f796eac3e49c4e751f3806
- SHA1: 79f8e78d034ab75431bd0889afcf8c6cd6ff1ecb
- SHA256: 0a43af332529fa84ae68829f0e4cd17662f5009f8b8863afecb0e29b1c5d1f21
- SHA512: f8fce740b342b746bdb18132257ca0445adfdc289d922c73cb4f99c66a5d219ce28f7a0b018b9749563987a4b25e8bca7e3c38999fecac7d680260bae9a05399
- SSDEEP: 12288:VMrVy903THNAesSkCSdhFBQ8/5e/YrA8C+SBypnwL6FFGjSAxI9gUmmm:sygOeECyyKDA8SjsGjPI9L7m

Static task: static1
Behavioral task: behavioral1
- Sample: 0a43af332529fa84ae68829f0e4cd17662f5009f8b8863afecb0e29b1c5d1f21.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
- rosn
- 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
- muse
- 176.113.115.145:4125
- auth_value: b91988a63a24940038d9262827a5320c
Targets
- Target: 0a43af332529fa84ae68829f0e4cd17662f5009f8b8863afecb0e29b1c5d1f21
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.