General
-
Target
4929260e99d60ec569bc679696e5b37ef7f3fb1a2369e08e95ff8846c8a788c4
-
Size
765KB
-
Sample
230209-vwy6radd67
-
MD5
0dc4d3569b05bee985c4e21c3326a173
-
SHA1
b13cb82f1a5a1a9fc26a006d717e2d904342d555
-
SHA256
4929260e99d60ec569bc679696e5b37ef7f3fb1a2369e08e95ff8846c8a788c4
-
SHA512
572087c94e7ca67235239f3b671ac1113705c2e62954656a415e32a5998484306360f0f5655cbf30d07ede77d0e807f7882003d6c49138bab2328703d8f1fbb9
-
SSDEEP
12288:qMr7y90us6wjlGS1raZGPM7CS+CAJZhrI3b/fcNJiZUZX8bicp/JPOr:5y7srTU+SpAbiriiZlWkE
Static task
static1
Malware Config
Extracted
redline
dubna
193.233.20.11:4131
-
auth_value
f324b1269094b7462e56bab025f032f4
Extracted
redline
romka
193.233.20.11:4131
-
auth_value
fcbb3247051f5290e8ac5b1a841af67b
Extracted
redline
crypt
176.113.115.17:4132
-
auth_value
407e05c9b3a74d99a20f90b091547bd6
Targets
-
-
Target
4929260e99d60ec569bc679696e5b37ef7f3fb1a2369e08e95ff8846c8a788c4
-
Size
765KB
-
MD5
0dc4d3569b05bee985c4e21c3326a173
-
SHA1
b13cb82f1a5a1a9fc26a006d717e2d904342d555
-
SHA256
4929260e99d60ec569bc679696e5b37ef7f3fb1a2369e08e95ff8846c8a788c4
-
SHA512
572087c94e7ca67235239f3b671ac1113705c2e62954656a415e32a5998484306360f0f5655cbf30d07ede77d0e807f7882003d6c49138bab2328703d8f1fbb9
-
SSDEEP
12288:qMr7y90us6wjlGS1raZGPM7CS+CAJZhrI3b/fcNJiZUZX8bicp/JPOr:5y7srTU+SpAbiriiZlWkE
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-