General
Target: 971ea96abcf1cd2ecf03883e11f1e2b95ea27703ef31bd23e8d9c6d9f140619a
Size: 1000KB
Sample: 230331-wwzmysdf8x
MD5: e795551c4609744f0669ba0a35a47e90
SHA1: b302d6fe339cde7aa58b40cb8513860f5fbc3141
SHA256: 971ea96abcf1cd2ecf03883e11f1e2b95ea27703ef31bd23e8d9c6d9f140619a
SHA512: cedf96c0cf8b46419cdf3c326922b75f186daabd1954772ed752b8f5c33bb3f70ef20faaac41943925802b2846f761f147b99f405053bcda7a24bb8a84902a39
SSDEEP: 24576:0yZ79924smARNNxE2dkyrrVocHd8g6y2AM:Dt91tARtE2eyrn98g6X
Static task
static1

Malware Config
Extracted
redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted
redline
lift
176.113.115.145:4125
auth_value: 94f33c242a83de9dcc729e29ec435dfb

Extracted
amadey
3.69
193.233.20.36/joomla/index.php
Targets
Target: 971ea96abcf1cd2ecf03883e11f1e2b95ea27703ef31bd23e8d9c6d9f140619a
Size: 1000KB
MD5: e795551c4609744f0669ba0a35a47e90
SHA1: b302d6fe339cde7aa58b40cb8513860f5fbc3141
SHA256: 971ea96abcf1cd2ecf03883e11f1e2b95ea27703ef31bd23e8d9c6d9f140619a
SHA512: cedf96c0cf8b46419cdf3c326922b75f186daabd1954772ed752b8f5c33bb3f70ef20faaac41943925802b2846f761f147b99f405053bcda7a24bb8a84902a39
SSDEEP: 24576:0yZ79924smARNNxE2dkyrrVocHd8g6y2AM:Dt91tARtE2eyrn98g6X

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.