General
-
Target
f437db6b0f9ec1f385b492890b6cc794e98350054ba9123d5e4dca8c68318b5a
-
Size
526KB
-
Sample
230209-qfby3adc29
-
MD5
29b484a6a7c03b9d94088fae9d2bdb46
-
SHA1
3149f1bde552393294a89bfd62ecd75dd8155032
-
SHA256
f437db6b0f9ec1f385b492890b6cc794e98350054ba9123d5e4dca8c68318b5a
-
SHA512
1c325a7f861afd77c5ceeee67d9adb35cfcb97fc474668d07f1ef79f4ba55136c2a359d6800a15f46b74301057592d54b21eac964f40edf5e870775c7c6bb3c5
-
SSDEEP
12288:4Mrty90hHnifMFFGhgp/Mj0ILYbWmhHI7FagFWPNE4W:lywHnifMd+zYbWmHYFCPNEh
Static task
static1
Malware Config
Extracted
amadey
3.66
62.204.41.4/Gol478Ns/index.php
Extracted
redline
dubna
193.233.20.11:4131
-
auth_value
f324b1269094b7462e56bab025f032f4
Extracted
redline
romka
193.233.20.11:4131
-
auth_value
fcbb3247051f5290e8ac5b1a841af67b
Extracted
redline
crypt
176.113.115.17:4132
-
auth_value
407e05c9b3a74d99a20f90b091547bd6
Targets
-
-
Target
f437db6b0f9ec1f385b492890b6cc794e98350054ba9123d5e4dca8c68318b5a
-
Size
526KB
-
MD5
29b484a6a7c03b9d94088fae9d2bdb46
-
SHA1
3149f1bde552393294a89bfd62ecd75dd8155032
-
SHA256
f437db6b0f9ec1f385b492890b6cc794e98350054ba9123d5e4dca8c68318b5a
-
SHA512
1c325a7f861afd77c5ceeee67d9adb35cfcb97fc474668d07f1ef79f4ba55136c2a359d6800a15f46b74301057592d54b21eac964f40edf5e870775c7c6bb3c5
-
SSDEEP
12288:4Mrty90hHnifMFFGhgp/Mj0ILYbWmhHI7FagFWPNE4W:lywHnifMd+zYbWmHYFCPNEh
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-