General
-
Target
0dda4542cc50764c5376010bcd4c74c929c4abf83ceb072387416da060062d52
-
Size
1002KB
-
Sample
230401-eb56kafg54
-
MD5
7ab8d4c906a9505d43d4c10a309c99a4
-
SHA1
9fcfed4d40f0cf89f9a99adc72e2209fd67c4b90
-
SHA256
0dda4542cc50764c5376010bcd4c74c929c4abf83ceb072387416da060062d52
-
SHA512
fa9a9260606a00c9483a4fd78632e2b5a09a21f06a36178b90138a7fa641d73e8288ee544faee6575d09e170d2b3a7c8e9592a25625e71488e6c58bf2efabc21
-
SSDEEP
24576:/yx4Ata/ITeCqlN7QAUDR6uRm+jorLPB:Kx4ANipQAJ+jG
Static task
static1
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
lift
176.113.115.145:4125
-
auth_value
94f33c242a83de9dcc729e29ec435dfb
Extracted
amadey
3.69
193.233.20.36/joomla/index.php
Extracted
redline
Redline
85.31.54.183:43728
-
auth_value
1666a0a46296c430de7ba5e70bd0c0f3
Targets
-
-
Target
0dda4542cc50764c5376010bcd4c74c929c4abf83ceb072387416da060062d52
-
Size
1002KB
-
MD5
7ab8d4c906a9505d43d4c10a309c99a4
-
SHA1
9fcfed4d40f0cf89f9a99adc72e2209fd67c4b90
-
SHA256
0dda4542cc50764c5376010bcd4c74c929c4abf83ceb072387416da060062d52
-
SHA512
fa9a9260606a00c9483a4fd78632e2b5a09a21f06a36178b90138a7fa641d73e8288ee544faee6575d09e170d2b3a7c8e9592a25625e71488e6c58bf2efabc21
-
SSDEEP
24576:/yx4Ata/ITeCqlN7QAUDR6uRm+jorLPB:Kx4ANipQAJ+jG
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-