General
Target: 3ed0d4c0ad11b695a2ea1126575f31da3288e4d232debe31804b8bed576eab99
Size: 1.0MB
Sample: 230324-e934vsec7s
MD5: 7761ae262332e303bbf72d448d2de19f
SHA1: 4e6bd32136e6d1ef68fbda0009e05ee76a111ba0
SHA256: 3ed0d4c0ad11b695a2ea1126575f31da3288e4d232debe31804b8bed576eab99
SHA512: af2656f5d36b9779e1363b59bda27c263da9b359b3d9b8181cb31f4ac972a00f05904e21c77004e880538cfca30ebf8d22819ae46b09a494290b4aa3e95ad36a
SSDEEP: 12288:2Mrly903UwCrnojmiPBnsbKRSlFjXrM+Xqb8uIR2S71bCwJ0p7oR4U1f4atYh0oF:7yWAMVATI+6b8zl71bCwsof7Zo8MfN
Static task: static1
Malware Config
Extracted: redline, down, 193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted: redline, bolt, 193.233.20.31:4125
auth_value: 29540c7bf0277243e2faf6601e15a754
Extracted: amadey, 3.68, 62.204.41.87/joomla/index.php
Extracted: redline, USA, 65.108.152.34:37345
auth_value: 01ecb56953469aaed8efad25c0f68a64
Extracted: aurora, 212.87.204.93:8081
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.