General
Target: 33c76c965e42b320bad414f354790a9ac13d153c65bc4314340b1f3c2bc801e4
Size: 1007KB
Sample: 230323-q9njysaa41
MD5: fe446c06233ab19a0a91c70fba301a79
SHA1: 9b44ba48ac55db9eef4a78203e34f48e8761b128
SHA256: 33c76c965e42b320bad414f354790a9ac13d153c65bc4314340b1f3c2bc801e4
SHA512: c4fa7896bbe5191eb42da60689498c47dc517cd87f33655f2c5e0b1913dc5ad77d39ba1f4bb86f338b99d786c86dabdd37177998ebb07d874669a76daa70d788
SSDEEP: 24576:byiqZv/ullz8nW9ctZHPPu9gWqQ+WOl6rPNhRW50q1KX:OlV+lgnW9EZHPG9gWqWOlSFh5eK
Static task
static1
Malware Config
Extracted
redline
down
193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted
redline
lown
193.233.20.31:4125
auth_value: 4cf836e062bcdc2a4fdbf410f5747ec7
Extracted
amadey
3.68
62.204.41.87/joomla/index.php
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.