General
  Target: build.exe
  Size: 1.0MB
  Sample: 241010-1pcbasyblg
  MD5: bed1f6aaf3f0c322f0de048e545eb27a
  SHA1: 3aafcbbdc94dc190866010167800292eb4aea1e0
  SHA256: bd84235f8afd545e6353a88bb869a2b630140df437f484e7bbe9803f60b044ba
  SHA512: db709eadf1deb08426b4ab94f0f48f74bc02be5b281387151b411bff057a6eec5b1b1c3eed801177fa7259aea69066104f9ee40fe1d8d32a918671747d32a59a
  SSDEEP: 12288:+MSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9VLcUzsigBNkfzj:+nsJ39LyjbJkQFMhmC+6GD9yUNgBNG
Behavioral task
  behavioral1
    Sample: build.exe
    Resource: win11-20241007-en

Malware Config
  Extracted
    Family: redline
    Botnet: 1
    C2: 50.114.242.2:1912
Targets
  Target: build.exe
  - RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  - RedLine payload
  - Executes dropped EXE
  - Accesses cryptocurrency files/wallets, possible credential harvesting
  - Adds Run key to start application
  - Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
-
MITRE ATT&CK Enterprise v15
  Privilege Escalation
    Boot or Logon Autostart Execution (1)
      Registry Run Keys / Startup Folder (1)
  Credential Access
    Credentials from Password Stores (1)
      Credentials from Web Browsers (1)
    Unsecured Credentials (2)
      Credentials In Files (2)