General

Target: d8cf5ce9f63ae505b3045a4578740edec4b0fa8a3599475b69bd6187ca4189aa
Size: 697KB
Sample: 230328-ppgp8scf4v
MD5: 54b2c38e5e6bf5aa6e840505bf0dae4b
SHA1: 9d274bed3718630dfb198c369e67280c640c6b18
SHA256: d8cf5ce9f63ae505b3045a4578740edec4b0fa8a3599475b69bd6187ca4189aa
SHA512: 61b04f8ae907a49c285a8f4f100dc87ca39c6bd17a88a25b1a9fa033118ef5bea4f9fe4dc3936af96fe9e1fb2c92d204372f9a68446bfc650bf278086eb5bffb
SSDEEP: 12288:JMrpy90QTMFG8zKMSY7yzuIdD3T9a9N0+L6BWGjRAxI9gU4ZQhbg:AyxTn8mrY7yzHT9ad5GjqI9/AQhg
Static task: static1
Behavioral task: behavioral1
Sample: d8cf5ce9f63ae505b3045a4578740edec4b0fa8a3599475b69bd6187ca4189aa.exe
Resource: win10v2004-20230220-en
Malware Config

Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted
Family: redline
Botnet: muse
C2: 176.113.115.145:4125
auth_value: b91988a63a24940038d9262827a5320c
Targets

Target: d8cf5ce9f63ae505b3045a4578740edec4b0fa8a3599475b69bd6187ca4189aa
Size: 697KB
MD5: 54b2c38e5e6bf5aa6e840505bf0dae4b
SHA1: 9d274bed3718630dfb198c369e67280c640c6b18
SHA256: d8cf5ce9f63ae505b3045a4578740edec4b0fa8a3599475b69bd6187ca4189aa
SHA512: 61b04f8ae907a49c285a8f4f100dc87ca39c6bd17a88a25b1a9fa033118ef5bea4f9fe4dc3936af96fe9e1fb2c92d204372f9a68446bfc650bf278086eb5bffb
SSDEEP: 12288:JMrpy90QTMFG8zKMSY7yzuIdD3T9a9N0+L6BWGjRAxI9gU4ZQhbg:AyxTn8mrY7yzHT9ad5GjqI9/AQhg

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.