General
-
Target
07218ef3b5e3539f4207db2cc5b3d1601ff986d16331b1e87477826db8bb30d3
-
Size
764KB
-
Sample
230209-wm54daeg54
-
MD5
c28884ee03dd25129a97db448a644a17
-
SHA1
f29189f21462986deb6ef25adf305abebc626de1
-
SHA256
07218ef3b5e3539f4207db2cc5b3d1601ff986d16331b1e87477826db8bb30d3
-
SHA512
fcfa60449d195f3db445951d378bbbdfebc17c75ea8efe00c38a45d4881a514e72e4dd42e9c172b0dcaa5132482956794582df26ac4893b164f6a07eef8b295d
-
SSDEEP
12288:BMrey90DA0oawVkOktFdT0FpaWJGgD7HuYEwzNs6VfZxoEqomWd2OQp7fszR:ryqAWOkzdTuJ72Y4u7ooDALszR
Static task
static1
Malware Config
Extracted
redline
dubna
193.233.20.11:4131
-
auth_value
f324b1269094b7462e56bab025f032f4
Extracted
redline
romka
193.233.20.11:4131
-
auth_value
fcbb3247051f5290e8ac5b1a841af67b
Extracted
redline
crypt
176.113.115.17:4132
-
auth_value
407e05c9b3a74d99a20f90b091547bd6
Targets
-
-
Target
07218ef3b5e3539f4207db2cc5b3d1601ff986d16331b1e87477826db8bb30d3
-
Size
764KB
-
MD5
c28884ee03dd25129a97db448a644a17
-
SHA1
f29189f21462986deb6ef25adf305abebc626de1
-
SHA256
07218ef3b5e3539f4207db2cc5b3d1601ff986d16331b1e87477826db8bb30d3
-
SHA512
fcfa60449d195f3db445951d378bbbdfebc17c75ea8efe00c38a45d4881a514e72e4dd42e9c172b0dcaa5132482956794582df26ac4893b164f6a07eef8b295d
-
SSDEEP
12288:BMrey90DA0oawVkOktFdT0FpaWJGgD7HuYEwzNs6VfZxoEqomWd2OQp7fszR:ryqAWOkzdTuJ72Y4u7ooDALszR
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-