General

Target: 4058efdc02df38824a79170dedf1e13fa7957445670a798c8ffa979a29a89eca
Size: 1.0MB
Sample: 230323-2663nsag42
MD5: e3658138f27841e1a7c2e2769dea1cc1
SHA1: 8cf90ba4eb06d99b213c7b60cff251e26bdfe49e
SHA256: 4058efdc02df38824a79170dedf1e13fa7957445670a798c8ffa979a29a89eca
SHA512: 40adceb7b9807a34d689b66bc10d38d5d2ad62d0cf9defaee4884519411f65f61e4da7a08b7d84d61ec651f204832ee7c810da4dd7bcde23946cde3c6134d648
SSDEEP: 24576:xym/l6z7lim+U7DjJYXR/SplTfNj1TefQJ59wrBw/s:k6l87lz+sXJYhwlTfNjEf0wrB
Static task: static1

Malware Config

Extracted: redline
- Botnet: down
- C2: 193.233.20.31:4125
- auth_value: 12c31a90c72f5efae8c053a0bd339381

Extracted: redline
- Botnet: lown
- C2: 193.233.20.31:4125
- auth_value: 4cf836e062bcdc2a4fdbf410f5747ec7

Extracted: amadey
- Version: 3.68
- C2: 62.204.41.87/joomla/index.php
Targets

Target: 4058efdc02df38824a79170dedf1e13fa7957445670a798c8ffa979a29a89eca
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.