General
-
Target
4a17e7bd3b5e47cf84cb0a50ae44c7e73c13a81b635ac7db9e73fe908d8450d6
-
Size
1.0MB
-
Sample
230319-myntssga58
-
MD5
4e3fa02b59a708c41d7323036ce01c85
-
SHA1
351023852b56deeec0e20ec8e9ea52c391bd558a
-
SHA256
4a17e7bd3b5e47cf84cb0a50ae44c7e73c13a81b635ac7db9e73fe908d8450d6
-
SHA512
01d36c9df55cee4f2d9a225b15f68e195ed739010e996ee23ea9b157bcf2a3895bbe8115d75fe3d07470770af1a255a27bd03412476a62f3e5232ea35a0d20ff
-
SSDEEP
24576:YyZGIBTX/9oAKR1IkDjj7pFCRKVLsUIucY78l+w:fZGE9oAKn9DjrCspsUf4
Static task
static1
Malware Config
Extracted
redline
gena
193.233.20.30:4125
-
auth_value
93c20961cb6b06b2d5781c212db6201e
Extracted
redline
vint
193.233.20.30:4125
-
auth_value
fb8811912f8370b3d23bffda092d88d0
Extracted
amadey
3.68
62.204.41.87/joomla/index.php
Targets
-
-
Target
4a17e7bd3b5e47cf84cb0a50ae44c7e73c13a81b635ac7db9e73fe908d8450d6
-
Size
1.0MB
-
MD5
4e3fa02b59a708c41d7323036ce01c85
-
SHA1
351023852b56deeec0e20ec8e9ea52c391bd558a
-
SHA256
4a17e7bd3b5e47cf84cb0a50ae44c7e73c13a81b635ac7db9e73fe908d8450d6
-
SHA512
01d36c9df55cee4f2d9a225b15f68e195ed739010e996ee23ea9b157bcf2a3895bbe8115d75fe3d07470770af1a255a27bd03412476a62f3e5232ea35a0d20ff
-
SSDEEP
24576:YyZGIBTX/9oAKR1IkDjj7pFCRKVLsUIucY78l+w:fZGE9oAKn9DjrCspsUf4
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-