General
- Target: 8770ef0b89512a13076550061c19838e6c7225a29f694f8ee67b2351d71a96d6
- Size: 1.0MB
- Sample: 230328-28197sfe5s
- MD5: 14f2d98279f8eae9fc52ee3fb284e138
- SHA1: 6b82a159d6e57d58cdf56bba1a46567c3f7315e6
- SHA256: 8770ef0b89512a13076550061c19838e6c7225a29f694f8ee67b2351d71a96d6
- SHA512: 156bc6d7a1be8a5b40e10bbcd2059587792e2b959debea3f59f526c3418ab0c4becf5136fd493acff4c33ddaf3813bbd000af02c4baea8b78c70d20182efa33b
- SSDEEP: 24576:iybBLhdMPNLMgCM7KR92mGXf3UjyI4UGe:JbBLbMPJMgCmKRbgfqk
Static task
static1
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
nado
176.113.115.145:4125
- auth_value: a648e365d8e0df895a84152ad68ffc56
Extracted
amadey
3.68
62.204.41.87/joomla/index.php
Extracted
aurora
212.87.204.93:8081
Targets
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.