General
Target: ad3e793e8088fe5b0f638b39d910e9ea8d813bdb9389ef8f7f2cac10a2148518
Size: 1003KB
Sample: 230320-ebhp9sbf76
MD5: b7c42b5875bbc5346fabff79111021e5
SHA1: a1a0c5382353cc6a9afe741b419401392e3b2df8
SHA256: ad3e793e8088fe5b0f638b39d910e9ea8d813bdb9389ef8f7f2cac10a2148518
SHA512: 6c2f5a0bfa491ef747da4800648c3d04d96a4eca3b008beebfd6f6151871518af3174e9b1a28fe1d66d5e967c3317bea1cc2925f4ad0f95b51708660c86f9b4d
SSDEEP: 24576:syV8P0SWgXTIXPvl+txhW1nKLmLOJFrUqOkzncjR2l:bKrcucKLEO3Vwk
Static task: static1
Malware Config
Extracted: redline
  gena
  193.233.20.30:4125
  auth_value: 93c20961cb6b06b2d5781c212db6201e
Extracted: redline
  vint
  193.233.20.30:4125
  auth_value: fb8811912f8370b3d23bffda092d88d0
Extracted: amadey
  3.68
  62.204.41.87/joomla/index.php
Targets
Target: ad3e793e8088fe5b0f638b39d910e9ea8d813bdb9389ef8f7f2cac10a2148518
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.