General
Target: 5ce9534e26d66344a28ed9229c67db1377218946d37b496b84967b9df5c42a65
Size: 960KB
Sample: 230320-qt4k8sdf96
MD5: 83127e88d4b54670915f8dd9ca70d89c
SHA1: b393235251a033a7e2a26a0dc292b6ea46c22162
SHA256: 5ce9534e26d66344a28ed9229c67db1377218946d37b496b84967b9df5c42a65
SHA512: 8552a706708e0896f56e24827a386729f6825e483d5df24edc1b990d3aa2b751cadeead0bda2bdac64ed9eeade7974fd6bb03a15372735472197c1a1a650599c
SSDEEP: 24576:hyJd1v6jZ47m9baZC3n51aNyv798l9/gSxqg1:UMiix+CX51aNyml9ou
Static task: static1
Malware Config
Extracted: redline
  gena
  193.233.20.30:4125
  auth_value: 93c20961cb6b06b2d5781c212db6201e
Extracted: redline
  vint
  193.233.20.30:4125
  auth_value: fb8811912f8370b3d23bffda092d88d0
Extracted: amadey
  3.68
  62.204.41.87/joomla/index.php
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.