General
- Target: d4a2999e1cf3908ed47659dc5c4b324b2f40a82f919b0c2755aa18ff0f1d55f1
- Size: 1MB
- Sample: 230326-lqrp2sgb29
- MD5: 0327ff5fdeb297b08accf17d726fc91f
- SHA1: bc9a8ad3809c54f02996b51b001db9dad334d368
- SHA256: d4a2999e1cf3908ed47659dc5c4b324b2f40a82f919b0c2755aa18ff0f1d55f1
- SHA512: 4df25bb6f615bc888d2bbae673397948b30e045703724e950ea343843c3e966536e736b8e28ebaccf7879f0f3b4027e99e77eff85f31a1005701d99397b1eea6
- SSDEEP: 24576:CycCpgLZt8cHJZPC6sdODbIXaz3CiWDJxBqq/U:pxgjRpJ/sdOJC/t/
Static task
- static1
Malware Config
Extracted
- redline
- boris
- 193.233.20.32:4125
- auth_value: 766b5bdf6dbefcf7ca223351952fc38f
Extracted
- redline
- netu
- 193.233.20.32:4125
- auth_value: 9641925ae487005582b5cf30476dd305
Extracted
- amadey
- 3.68
- 62.204.41.87/joomla/index.php
Targets
- Target: d4a2999e1cf3908ed47659dc5c4b324b2f40a82f919b0c2755aa18ff0f1d55f1
- Size: 1MB
- MD5: 0327ff5fdeb297b08accf17d726fc91f
- SHA1: bc9a8ad3809c54f02996b51b001db9dad334d368
- SHA256: d4a2999e1cf3908ed47659dc5c4b324b2f40a82f919b0c2755aa18ff0f1d55f1
- SHA512: 4df25bb6f615bc888d2bbae673397948b30e045703724e950ea343843c3e966536e736b8e28ebaccf7879f0f3b4027e99e77eff85f31a1005701d99397b1eea6
- SSDEEP: 24576:CycCpgLZt8cHJZPC6sdODbIXaz3CiWDJxBqq/U:pxgjRpJ/sdOJC/t/
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext