General
Target: 011252e61e07c43d3dfea0f24a286c5fbefa470340dce888e5a15fc4bbc93bdb
Size: 962KB
Sample: 230321-cwywwage56
MD5: dfa9c503d436d37fb5e6a128b1ff9211
SHA1: 41858eb2cb50a7c6a7be614cbc5eb9bdd82cbff9
SHA256: 011252e61e07c43d3dfea0f24a286c5fbefa470340dce888e5a15fc4bbc93bdb
SHA512: 6e2b01df0a5f5c1331bba7953ad445f332529bcedb83404c31ed57081b178a0be14ab40ae5bde0fe57c0a714c298e354e2bc26d97552966ea6f3a6e5173ec847
SSDEEP: 24576:+ySi33gNnGbDGFMuDBZkSd7j6shYLow5Esux6WZ:NP3QOGLNZjTmAsA
Static task: static1
Malware Config
Extracted: redline
gena
193.233.20.30:4125
auth_value: 93c20961cb6b06b2d5781c212db6201e
Extracted: redline
vint
193.233.20.30:4125
auth_value: fb8811912f8370b3d23bffda092d88d0
Extracted: amadey
3.68
62.204.41.87/joomla/index.php
Targets
Target: 011252e61e07c43d3dfea0f24a286c5fbefa470340dce888e5a15fc4bbc93bdb
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.