General
Target: 9c024aadce6bd20b49985dc6aba9526c.bin
Size: 652KB
Sample: 230330-b6gjxaaf38
MD5: 42a1612b1b3716f3795296605c5dcbc9
SHA1: fc5b27605d1f7fe974e2e857cfb33c393615f733
SHA256: dd0d12ae707608ecada4d6ab140f4501165eb4ec1b7270f8bed1b2abda41665b
SHA512: 33553ad9981ffd3a8172091b5eddeddae4e88fd9b49856d5dd071b4b5a6e1ae4e9b3ab947e65cfad02367839c2f0724655f6babb9e18c5869c0f6e2b42278218
SSDEEP: 12288:wsFV5nAn7vbQbNmdSiM+tJWQ6JwHsdwt7gI/Sz7+Bepx2b5DY4Xg9:wQAn7MTW0dw1q7weX2b5RXC

Static task: static1

Behavioral task: behavioral1
Sample: 61fc3a822966737e013ec711bdcc8d08f4831328a5ea94a7ee1dccd56b7e40a6.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: 61fc3a822966737e013ec711bdcc8d08f4831328a5ea94a7ee1dccd56b7e40a6.exe
Resource: win10v2004-20230220-en

Malware Config
Extracted: redline
  rosn
  176.113.115.145:4125
  auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
  muse
  176.113.115.145:4125
  auth_value: b91988a63a24940038d9262827a5320c

Targets
Target: 61fc3a822966737e013ec711bdcc8d08f4831328a5ea94a7ee1dccd56b7e40a6.exe
Size: 695KB
MD5: 9c024aadce6bd20b49985dc6aba9526c
SHA1: 22eac460323f85df359cd91815e718307c245829
SHA256: 61fc3a822966737e013ec711bdcc8d08f4831328a5ea94a7ee1dccd56b7e40a6
SHA512: 60b49602bcd53d4ae4b3e19ef223b26d7c760a9af2da13ce39b4d3fd3d869d216539016b0d24d81b76d8c0bc4ee0550eee78d1dfdbab6748a40c30e456a1cf57
SSDEEP: 12288:TMr3y90UMuC6oxpL6EKT7bSiBqo290tfaO4DACXKtk5ZbKYs9AA+9:QyZMuCbj8jSSauauCEqGWd

- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.