General
Target: 0c1a4b4aea8b2fbbb4fba7684d19a54250dccc4f9c4091d18f0a978d3e56240e
Size: 1006KB
Sample: 230323-s63wksae81
MD5: e1a22c3df91dd944da2261d14b560161
SHA1: 58ca77393da0e507908c5e5aa1dacd2c1a73f4be
SHA256: 0c1a4b4aea8b2fbbb4fba7684d19a54250dccc4f9c4091d18f0a978d3e56240e
SHA512: 601041b5e5ae58b4a93febd912f2a76a81b8963026a9d8d8ab40923d501d91fdf123664b52a5d9cef7c567d5fcaf19024d0041009e42db5258f08bfe7333eabe
SSDEEP: 24576:Cyb0wnM5llmP5k39y4tKfBtJJPNM3MZD/gM+MP:pjM5lc+39y4aBtLFMM
Static task: static1
Malware Config
Extracted: redline
  Botnet: down
  C2: 193.233.20.31:4125
  auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted: redline
  Botnet: lown
  C2: 193.233.20.31:4125
  auth_value: 4cf836e062bcdc2a4fdbf410f5747ec7
Extracted: amadey
  Version: 3.68
  C2: 62.204.41.87/joomla/index.php
Targets
Target: 0c1a4b4aea8b2fbbb4fba7684d19a54250dccc4f9c4091d18f0a978d3e56240e
Size: 1006KB
MD5: e1a22c3df91dd944da2261d14b560161
SHA1: 58ca77393da0e507908c5e5aa1dacd2c1a73f4be
SHA256: 0c1a4b4aea8b2fbbb4fba7684d19a54250dccc4f9c4091d18f0a978d3e56240e
SHA512: 601041b5e5ae58b4a93febd912f2a76a81b8963026a9d8d8ab40923d501d91fdf123664b52a5d9cef7c567d5fcaf19024d0041009e42db5258f08bfe7333eabe
SSDEEP: 24576:Cyb0wnM5llmP5k39y4tKfBtJJPNM3MZD/gM+MP:pjM5lc+39y4aBtLFMM
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
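The extracted configuration and the flagged behaviours translate directly into host detection content. The Python below is added here as an example; it is not part of the sandbox report or of either malware family's code. It checks Sysmon-style events for the RedLine C2 (193.233.20.31:4125), the Amadey C2 host (62.204.41.87), a Run-key write for persistence, and execution of a dropped executable. Only the C2 values come from the report above; the event records, file paths and the choice of %TEMP% and Roaming as drop locations are constructed assumptions for the example.

```python
"""Match the extracted RedLine/Amadey configuration and the behaviours the
sandbox flagged against Sysmon-style events.

Added example. Only the C2 values come from the report above; the events,
paths and the drop-directory heuristic are constructed for illustration.
"""
import re
from typing import Iterable

# Indicators taken from the "Malware Config" section of the report.
REDLINE_C2 = {("193.233.20.31", 4125)}
AMADEY_C2_HOST = "62.204.41.87"  # the /joomla/index.php path is not visible in Sysmon EID 3

# HKLM/HKCU Run and RunOnce keys, including the WOW6432Node view.
RUN_KEY_RE = re.compile(
    r"\\Software\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\",
    re.IGNORECASE,
)
# Assumed drop locations for the second-stage EXE (heuristic, not from the report).
DROP_DIR_RE = re.compile(r"\\AppData\\(?:Local\\Temp|Roaming)\\", re.IGNORECASE)


def classify(event: dict) -> list[str]:
    """Return the indicator names that one Sysmon-style event matches."""
    hits: list[str] = []
    eid = event.get("EventID")
    if eid == 3:  # network connection
        dst = (event.get("DestinationIp"), int(event.get("DestinationPort", 0)))
        if dst in REDLINE_C2:
            hits.append("redline_c2")
        if dst[0] == AMADEY_C2_HOST:
            hits.append("amadey_c2")
    elif eid == 13:  # registry value set
        if RUN_KEY_RE.search(event.get("TargetObject", "")):
            hits.append("run_key_persistence")
    elif eid == 1:  # process creation
        if DROP_DIR_RE.search(event.get("Image", "")):
            hits.append("dropped_exe_executed")
    return hits


def scan(events: Iterable[dict]) -> dict[str, list[str]]:
    """Map each indicator name to the process images that triggered it."""
    findings: dict[str, list[str]] = {}
    for ev in events:
        for name in classify(ev):
            findings.setdefault(name, []).append(ev.get("Image", "?"))
    return findings


# Constructed sample events (not real telemetry from the sandbox run).
SAMPLE_EVENTS = [
    # the sample spawns a dropped executable from %TEMP%
    {"EventID": 1, "Image": r"C:\Users\user\AppData\Local\Temp\stage2.exe",
     "ParentImage": r"C:\Users\user\Downloads\sample.exe"},
    # RedLine C2 from the extracted config
    {"EventID": 3, "Image": r"C:\Users\user\AppData\Local\Temp\stage2.exe",
     "DestinationIp": "193.233.20.31", "DestinationPort": 4125},
    # Run key written for persistence
    {"EventID": 13, "Image": r"C:\Users\user\AppData\Local\Temp\stage2.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\stage2",
     "Details": r"C:\Users\user\AppData\Roaming\stage2.exe"},
    # Amadey check-in to the extracted host
    {"EventID": 3, "Image": r"C:\Users\user\AppData\Roaming\stage2.exe",
     "DestinationIp": "62.204.41.87", "DestinationPort": 80},
    # benign DNS traffic that must not match
    {"EventID": 3, "Image": r"C:\Windows\System32\svchost.exe",
     "DestinationIp": "8.8.8.8", "DestinationPort": 53},
]

if __name__ == "__main__":
    for name, images in scan(SAMPLE_EVENTS).items():
        print(f"{name}: {', '.join(images)}")
```

Sysmon does not record registry reads, so the "Checks installed software" signature (Uninstall-key enumeration) has no equivalent in this telemetry; it is a sandbox observation that a host-side rule cannot confirm. The C2 indicators are the durable part: the Amadey URL path can be matched in proxy logs where Sysmon only shows the destination IP.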