General
- Target: b85ac1ad6fd2cc4e937318f4b0795705fa4250e88f23a5bcda4b190b4649dc03
- Size: 1001KB
- Sample: 230331-y4mpgaee2w
- MD5: 7a307c7c28f23b47ca2867d4dac2f0bf
- SHA1: df706cf3c59722cf425995e2ed2e38bca4c1ddba
- SHA256: b85ac1ad6fd2cc4e937318f4b0795705fa4250e88f23a5bcda4b190b4649dc03
- SHA512: 024ea76a1359992802a57d278b85eda9ff6ca9dedda12987fa7e2800d9fe986046cae1173eaf4441ccaa15af1d23c910ef94562043e5511b83cc2bf829c2f7ed
- SSDEEP: 24576:0yz2eyggWK1TYwEEZNMUuYb2AHhOB0UoMEuMIMHtOUfn5dnVxjNs0Y:DzTygp6TYs6g2wYN1zSwUfnnV5
Static task: static1

Malware Config
Extracted: redline
- rosn
- 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
- lift
- 176.113.115.145:4125
- auth_value: 94f33c242a83de9dcc729e29ec435dfb
Extracted: amadey
- 3.69
- 193.233.20.36/joomla/index.php
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.