General
Target: 14c7e02c269de982bca0eacb8dfceaf4fdf4324019d6f140522e6a0baa33fbb9
Size: 1017KB
Sample: 230323-yh81kshg62
MD5: eddafdda32d7b5939bf8be8ab30f417d
SHA1: 58d5aa16e278e51eb593316f396899e7020700c4
SHA256: 14c7e02c269de982bca0eacb8dfceaf4fdf4324019d6f140522e6a0baa33fbb9
SHA512: 949e555d727ab8ccc7b3c2cad2e6bfc5e2b17d5d1a3a8a5bb445b034a09f5e1db7a97486489d9fa8b0fc04112b14940a09be550593bd8d74ed8b7fca8ebad90e
SSDEEP: 24576:oyqNT36ApHMks7w5KQzZHwODi/mlCz2BPzu:vqNTTHMkkwtdQYi//2Nz
Static task: static1

Malware Config
Extracted: redline
Botnet: down
C2: 193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381

Extracted: redline
Botnet: lown
C2: 193.233.20.31:4125
auth_value: 4cf836e062bcdc2a4fdbf410f5747ec7

Extracted: amadey
Version: 3.68
C2: 62.204.41.87/joomla/index.php
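The two RedLine configs share a single C2 endpoint (193.233.20.31:4125) and differ only in botnet tag and auth_value, while the Amadey config points at a gate URL stored without a scheme. The following is an added example, not part of this report or of any sandbox's code, that turns those indicators into a matcher run over network telemetry. The log records are constructed to resemble Zeek conn.log and http.log entries in JSON form, and the "medium" tier for traffic to a known C2 address on an unexpected port or path is a choice of the example.

```python
"""Match network telemetry against the C2 indicators extracted on this page.

Added example, not part of the sandbox report. The log lines below are
constructed to resemble Zeek conn.log and http.log records in JSON form.
"""
import json
from urllib.parse import urlsplit

# Indicators taken from the extracted configs above.
REDLINE_C2 = ["193.233.20.31:4125"]             # both RedLine configs use this host:port
AMADEY_C2 = ["62.204.41.87/joomla/index.php"]   # Amadey 3.68 gate, stored without a scheme


def parse_hostport(value):
    host, _, port = value.rpartition(":")
    return host, int(port)


def parse_gate_url(value):
    # The config omits the scheme; add one so urlsplit yields host and path.
    parts = urlsplit("http://" + value)
    return parts.hostname, parts.path


def build_iocs():
    tcp = {parse_hostport(c) for c in REDLINE_C2}
    http = {parse_gate_url(c) for c in AMADEY_C2}
    ips = {h for h, _ in tcp} | {h for h, _ in http}
    return {"tcp": tcp, "http": http, "ips": ips}


def classify(record, iocs):
    """Return (confidence, label) for one Zeek-style record, or None."""
    src = record.get("id.orig_h")
    dst = record.get("id.resp_h")
    if "uri" in record:  # http.log record
        host = record.get("host") or dst
        path = record["uri"].split("?", 1)[0]  # compare the path only; query strings vary
        if (host, path) in iocs["http"]:
            return ("high", f"amadey-c2 {src} {record.get('method')} {host}{record['uri']}")
    else:  # conn.log record
        if (dst, record.get("id.resp_p")) in iocs["tcp"]:
            return ("high", f"redline-c2 {src} -> {dst}:{record['id.resp_p']}")
    if dst in iocs["ips"]:
        # Same infrastructure on another port or path: worth a look, lower confidence.
        return ("medium", f"known-c2-ip {src} -> {dst}")
    return None


def scan(lines):
    iocs = build_iocs()
    hits = []
    for line in lines:
        verdict = classify(json.loads(line), iocs)
        if verdict:
            hits.append(verdict)
    return hits


# Constructed telemetry: two C2 contacts, one same-IP/other-port flow, two benign records.
SAMPLE_LOG = [
    '{"id.orig_h":"10.0.0.15","id.resp_h":"193.233.20.31","id.resp_p":4125,"proto":"tcp"}',
    '{"id.orig_h":"10.0.0.15","id.resp_h":"142.250.74.78","id.resp_p":443,"proto":"tcp"}',
    '{"id.orig_h":"10.0.0.15","id.resp_h":"62.204.41.87","method":"POST","host":"62.204.41.87","uri":"/joomla/index.php"}',
    '{"id.orig_h":"10.0.0.22","id.resp_h":"193.233.20.31","id.resp_p":80,"proto":"tcp"}',
    '{"id.orig_h":"10.0.0.15","id.resp_h":"93.184.216.34","method":"GET","host":"example.com","uri":"/index.php"}',
]

if __name__ == "__main__":
    for confidence, label in scan(SAMPLE_LOG):
        print(confidence, label)
```

The HTTP rule compares host and path only, since the query string of a gate request is not part of the extracted config; the IP-only fallback exists because stealer operators rotate ports and paths on the same host far more often than they rotate addresses.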
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
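The behaviours listed above are sandbox signatures fired from API monitoring. As an added example, not the sandbox's own detection code and not derived from this sample's trace, the following re-derives several of those verdicts from a constructed per-process API trace: the dropped-file rules are stateful (a path must have been written by the process before its execution or load counts), the Run key rule matches RegSetValue under Run/RunOnce, and the software-enumeration rule fires once enough distinct Uninstall subkeys have been opened. The event schema, the API names, the wallet-directory list and the threshold of five subkeys are assumptions of the example.

```python
"""Re-derive the behavioural signatures listed above from an API trace.

Added example, not part of the sandbox report. Events are constructed to
resemble a sandbox's per-process API monitor output with resolved paths;
the wallet directory list is an assumption based on what stealers commonly
target, not something taken from this sample.
"""
import re

RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
UNINSTALL_RE = re.compile(
    r"\\Software\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\([^\\]+)", re.I)
UNINSTALL_THRESHOLD = 5  # distinct product subkeys opened before we call it enumeration
WALLET_MARKERS = ("\\Electrum\\wallets", "\\Exodus\\exodus.wallet", "\\Ethereum\\keystore",
                  "\\Armory", "\\Coinomi", "\\Bytecoin")  # assumed list of wallet directories


def analyse(events):
    """Return a list of (signature, detail) pairs for one process's event stream."""
    findings = []
    dropped = set()          # lowercased paths this process wrote
    uninstall_keys = set()   # distinct Uninstall\<product> subkeys it opened
    for ev in events:
        api = ev["api"]
        if api == "WriteFile":
            dropped.add(ev["path"].lower())
        elif api == "CreateProcessW" and ev["path"].lower() in dropped:
            findings.append(("Executes dropped EXE", ev["path"]))
        elif api == "LoadLibraryW" and ev["path"].lower() in dropped:
            findings.append(("Loads dropped DLL", ev["path"]))
        elif api == "RegSetValueExW" and RUN_KEY_RE.search(ev["key"]):
            findings.append(("Adds Run key to start application", f"{ev['name']} = {ev['data']}"))
        elif api in ("RegOpenKeyExW", "RegEnumKeyExW"):
            m = UNINSTALL_RE.search(ev["key"])
            if m:
                uninstall_keys.add(m.group(2).lower())
        elif api == "CreateFileW":
            path = ev["path"].lower()
            if any(marker.lower() in path for marker in WALLET_MARKERS):
                findings.append(("Accesses cryptocurrency files/wallets", ev["path"]))
    if len(uninstall_keys) >= UNINSTALL_THRESHOLD:
        findings.append(("Checks installed software on the system",
                         f"{len(uninstall_keys)} Uninstall subkeys"))
    return findings


# Constructed trace: drop-and-run, Run key persistence, Uninstall enumeration, wallet read,
# plus a system DLL load, an unrelated registry write and a harmless file open as negatives.
SAMPLE_TRACE = [
    {"api": "WriteFile", "path": r"C:\Users\user\AppData\Local\Temp\abc1.exe"},
    {"api": "WriteFile", "path": r"C:\Users\user\AppData\Local\Temp\helper.dll"},
    {"api": "CreateProcessW", "path": r"C:\Users\user\AppData\Local\Temp\abc1.exe"},
    {"api": "LoadLibraryW", "path": r"C:\Users\user\AppData\Local\Temp\helper.dll"},
    {"api": "LoadLibraryW", "path": r"C:\Windows\System32\wininet.dll"},
    {"api": "RegSetValueExW", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "name": "Updater", "data": r"C:\Users\user\AppData\Local\Temp\abc1.exe"},
    {"api": "RegSetValueExW", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer",
     "name": "Foo", "data": "1"},
    *[{"api": "RegOpenKeyExW",
       "key": rf"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Product{i}"}
      for i in range(6)],
    {"api": "CreateFileW", "path": r"C:\Users\user\AppData\Roaming\Electrum\wallets\default_wallet"},
    {"api": "CreateFileW", "path": r"C:\Users\user\Documents\notes.txt"},
]

if __name__ == "__main__":
    for signature, detail in analyse(SAMPLE_TRACE):
        print(f"{signature}: {detail}")
```

Keying the dropped-file rules on paths the process itself wrote is what separates "executes dropped EXE" from ordinary process creation; a threshold on distinct Uninstall subkeys, rather than a single open, keeps legitimate installers and updaters that touch their own entry from tripping the enumeration rule.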