General
-
Target
7e818da0c587ee1ff780dfbb2200c942aaed51a633ac58787360756a56ef59fb
-
Size
689KB
-
Sample
230318-mgkqtabh82
-
MD5
ba00f071fc32057f5c01f31caf7cd3ca
-
SHA1
867330d0f3de0cac63b602ae9eadb335dccc0ca4
-
SHA256
7e818da0c587ee1ff780dfbb2200c942aaed51a633ac58787360756a56ef59fb
-
SHA512
e059159995cd0a1169e0616a45e59bbd4040360077cb66ecb4839fa1da8722550c464c81160e1686529017e90a41bc0f546a55b31de394a0cd1a2b389b66a565
-
SSDEEP
12288:FMrXy90/k55KporF0JFfISt4i7bPxi6DzdM0FZjYjXeJ:CyCqZ0bLHPxZd2G
Static task
static1
Behavioral task
behavioral1
Sample
7e818da0c587ee1ff780dfbb2200c942aaed51a633ac58787360756a56ef59fb.exe
Resource
win10-20230220-en
Malware Config
Extracted
redline
lint
193.233.20.28:4125
-
auth_value
0e95262fb78243c67430f3148303e5b7
Extracted
amadey
3.68
62.204.41.87/joomla/index.php
Targets
-
-
Target
7e818da0c587ee1ff780dfbb2200c942aaed51a633ac58787360756a56ef59fb
-
Size
689KB
-
MD5
ba00f071fc32057f5c01f31caf7cd3ca
-
SHA1
867330d0f3de0cac63b602ae9eadb335dccc0ca4
-
SHA256
7e818da0c587ee1ff780dfbb2200c942aaed51a633ac58787360756a56ef59fb
-
SHA512
e059159995cd0a1169e0616a45e59bbd4040360077cb66ecb4839fa1da8722550c464c81160e1686529017e90a41bc0f546a55b31de394a0cd1a2b389b66a565
-
SSDEEP
12288:FMrXy90/k55KporF0JFfISt4i7bPxi6DzdM0FZjYjXeJ:CyCqZ0bLHPxZd2G
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-