General
Target: b9c8d6a63b92ac24ea679c4d4ac8072b4866854feb9133a654ee9c3e24251fb0
Size: 1.0MB
Sample: 230324-yrdwssha68
MD5: a3f9d2d7c1e091c3e47edde8ff3c549e
SHA1: c8f21e3053835dab4d9035f3c46afc2c398a1643
SHA256: b9c8d6a63b92ac24ea679c4d4ac8072b4866854feb9133a654ee9c3e24251fb0
SHA512: 9661a75527ff9356b34082492a69e22dc44f41cf71b4378e2b548a392489059766aac7be0a1ed15b9b29e4cd4d6f5477d493549415ca7d994cf5cdf4168ff59d
SSDEEP: 24576:ayglwZgQIkl4DoUJHqliD5E9vXbg5F9UFiHI:hzVmZD2ViH
Static task: static1
Malware Config
Extracted: redline
Botnet: boris
C2: 193.233.20.32:4125
auth_value: 766b5bdf6dbefcf7ca223351952fc38f
Extracted: redline
Botnet: lida
C2: 193.233.20.32:4125
auth_value: 24052aa2e9b85984a98d80cf08623e8d
Extracted: amadey
Version: 3.68
C2: 62.204.41.87/joomla/index.php
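The extracted configuration above is the most directly actionable part of the report: one RedLine TCP endpoint shared by two botnet builds and one Amadey HTTP check-in URL. The following script is an added example (not part of the sandbox output) that turns those values into network indicators and runs them over connection logs; the Zeek-style conn.log and http.log lines embedded in it are constructed for illustration, and the field layout of those lines is an assumption of the example.

```python
"""Turn the extracted RedLine/Amadey configuration into network IOCs and hunt
for them in connection logs.

Added example, not part of the sandbox report. The C2 values are the ones the
report extracted; the log lines further down are constructed for illustration.
"""
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Copied from the report's "Malware Config" section.
EXTRACTED_CONFIG = [
    {"family": "redline", "botnet": "boris", "c2": "193.233.20.32:4125",
     "auth_value": "766b5bdf6dbefcf7ca223351952fc38f"},
    {"family": "redline", "botnet": "lida", "c2": "193.233.20.32:4125",
     "auth_value": "24052aa2e9b85984a98d80cf08623e8d"},
    {"family": "amadey", "version": "3.68", "c2": "62.204.41.87/joomla/index.php"},
]


@dataclass
class Indicators:
    sockets: dict = field(default_factory=dict)  # (ip, port) -> family
    urls: dict = field(default_factory=dict)     # (host, path) -> family
    hosts: dict = field(default_factory=dict)    # host -> family (any port/path)


def indicators_from_config(config):
    """RedLine gives a raw TCP endpoint, Amadey an HTTP path. auth_value is a
    bot authorisation token used inside the RedLine C2 protocol, not a network
    address, so it is kept for attribution but not turned into an indicator."""
    ind = Indicators()
    for entry in config:
        c2 = entry["c2"]
        if "/" in c2:
            parts = urlsplit("http://" + c2)
            ind.urls[(parts.hostname, parts.path)] = entry["family"]
            ind.hosts[parts.hostname] = entry["family"]
        else:
            host, port = c2.rsplit(":", 1)
            ind.sockets[(host, int(port))] = entry["family"]
            ind.hosts[host] = entry["family"]
    return ind


# Constructed Zeek-style conn.log and http.log excerpts (tab-separated).
# conn: ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto
CONN_LOG = """\
1679600001.1\tCx1\t10.0.0.15\t49812\t193.233.20.32\t4125\ttcp
1679600002.4\tCx2\t10.0.0.15\t49813\t142.250.74.78\t443\ttcp
1679600003.9\tCx3\t10.0.0.22\t51002\t193.233.20.32\t80\ttcp
"""
# http: ts, id.orig_h, host, method, uri
HTTP_LOG = """\
1679600004.0\t10.0.0.15\t62.204.41.87\tPOST\t/joomla/index.php
1679600005.2\t10.0.0.15\twww.example.com\tGET\t/index.php
"""


def hunt(ind, conn_log=CONN_LOG, http_log=HTTP_LOG):
    """Return (severity, label, ts, source host, destination) hits.
    An exact socket or URL match is high confidence; any other traffic to a
    known C2 host is still worth a look, since operators rotate ports/paths."""
    hits = []
    for line in conn_log.splitlines():
        ts, _uid, src, _sport, dst, dport, _proto = line.split("\t")
        fam = ind.sockets.get((dst, int(dport)))
        if fam:
            hits.append(("high", f"{fam}-c2", ts, src, f"{dst}:{dport}"))
        elif dst in ind.hosts:
            hits.append(("medium", f"{ind.hosts[dst]}-host", ts, src, f"{dst}:{dport}"))
    for line in http_log.splitlines():
        ts, src, host, method, uri = line.split("\t")
        fam = ind.urls.get((host, uri))
        if fam:
            hits.append(("high", f"{fam}-c2", ts, src, f"{method} {host}{uri}"))
        elif host in ind.hosts:
            hits.append(("medium", f"{ind.hosts[host]}-host", ts, src, f"{method} {host}{uri}"))
    return hits


if __name__ == "__main__":
    for hit in hunt(indicators_from_config(EXTRACTED_CONFIG)):
        print(*hit, sep="  ")
```

The host-only match is deliberately kept at a lower severity: the second RedLine build on the same IP shows the operator reuses infrastructure, so a connection to 193.233.20.32 on a port other than 4125 is a lead, not a confirmation.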
Targets
Target: b9c8d6a63b92ac24ea679c4d4ac8072b4866854feb9133a654ee9c3e24251fb0
Size: 1.0MB
MD5: a3f9d2d7c1e091c3e47edde8ff3c549e
SHA1: c8f21e3053835dab4d9035f3c46afc2c398a1643
SHA256: b9c8d6a63b92ac24ea679c4d4ac8072b4866854feb9133a654ee9c3e24251fb0
SHA512: 9661a75527ff9356b34082492a69e22dc44f41cf71b4378e2b548a392489059766aac7be0a1ed15b9b29e4cd4d6f5477d493549415ca7d994cf5cdf4168ff59d
SSDEEP: 24576:ayglwZgQIkl4DoUJHqliD5E9vXbg5F9UFiHI:hzVmZD2ViH
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its per-user equivalent) to enumerate software on the system.
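Of the behaviours listed, the Run-key persistence is the one that leaves a durable, easily logged trace on an endpoint. The following is an added example (not part of the sandbox report) of how that signature translates into detection logic: it reads Sysmon Event ID 13 (RegistryEvent, value set) records, flags any value written under a Run or RunOnce key, and raises the severity when the value data points into a user-writable directory, which is where a dropped EXE lands. The events are constructed and exported as JSON lines; field names follow Sysmon's schema, but the export shape is an assumption. Note that the Uninstall-key enumeration above is a registry read, and Sysmon only records key create/delete, value set and rename, so that behaviour is not visible in this telemetry.

```python
"""Flag Run-key persistence in Sysmon registry telemetry.

Added example, not part of the sandbox report. The events below are
constructed, shaped like Sysmon Event ID 13 (RegistryEvent: value set) records
after JSON-lines export; the field names follow Sysmon's schema.
"""
import json
import re

# Any value under HKCU/HKU/HKLM ...\CurrentVersion\Run or \RunOnce.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$",
    re.IGNORECASE,
)
# Locations a dropped payload typically lives in; a Run value pointing here is
# far more suspicious than one pointing into Program Files.
USER_WRITABLE_RE = re.compile(
    r"\\(AppData\\|Temp\\|ProgramData\\|Users\\Public\\)", re.IGNORECASE
)

# Constructed sample: one dropped-payload persistence write, one legitimate
# installer write, one unrelated registry write, one non-13 event.
SYSMON_EVENTS = "\n".join(json.dumps(e) for e in [
    {"EventID": 13,
     "Image": r"C:\Users\victim\AppData\Local\Temp\payload.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\payload",
     "Details": r"C:\Users\victim\AppData\Local\Temp\payload.exe"},
    {"EventID": 13,
     "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorUpdater",
     "Details": r"C:\Program Files\Vendor\updater.exe"},
    {"EventID": 13,
     "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vendor App\DisplayName",
     "Details": "Vendor App"},
    {"EventID": 12,
     "Image": r"C:\Users\victim\AppData\Local\Temp\payload.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run"},
])


def classify(event):
    """Return a hit dict for a Run/RunOnce value write, else None."""
    if event.get("EventID") != 13:
        return None
    target = event.get("TargetObject", "")
    m = RUN_KEY_RE.search(target)
    if not m:
        return None
    data = event.get("Details", "")
    severity = "high" if USER_WRITABLE_RE.search(data) else "low"
    return {
        "severity": severity,
        "key": m.group(1),
        "value": target.rsplit("\\", 1)[1],
        "data": data,
        "image": event.get("Image", ""),
    }


def detect(jsonl):
    """Run classify() over every JSON-lines record and collect the hits."""
    hits = []
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        hit = classify(json.loads(line))
        if hit:
            hits.append(hit)
    return hits


if __name__ == "__main__":
    for hit in detect(SYSMON_EVENTS):
        print(hit["severity"], hit["key"], hit["value"], "->", hit["data"], "by", hit["image"])
```

The low-severity branch is kept on purpose: a Run value written by an installer into Program Files is routine, but having it in the same result set lets an analyst correlate the writing process (Image) with the "Executes dropped EXE" signature when triaging a host.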