General
- Target: 02304038346c4a5b904bfeff6b56592b65c12385b070af3d49577ddb40772ae2
- Size: 998KB
- Sample: 230331-zwdbhadd73
- MD5: b0bab2a2113861945dbd101e9dd0b204
- SHA1: 9638ca5f597a25bfc7020ab3be8eb6f37673b5f5
- SHA256: 02304038346c4a5b904bfeff6b56592b65c12385b070af3d49577ddb40772ae2
- SHA512: be6bbe7816993bd504c1dcc37037d3d30c24983875a10214376837f3ba45152b80292c440c2a58202eba4c167a4d1ac3d8b2853435ebedf1fd0a0eda89a05744
- SSDEEP: 24576:2y5yzTo7O1GDZTDxbEw/bd7T733htOhGdMbFta:FwGvd/rRYhGdMbF
Static task: static1
Malware Config
Extracted
- Family: redline
- Botnet: rosn
- C2: 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
- Family: redline
- Botnet: lift
- C2: 176.113.115.145:4125
- auth_value: 94f33c242a83de9dcc729e29ec435dfb
Extracted
- Family: amadey
- Version: 3.69
- C2: 193.233.20.36/joomla/index.php
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.