General
- Target: 29eab66b3869c78782352a9fd41adf45c9863c64683056d62fb9e9da00a0a15c
- Size: 992KB
- Sample: 230401-l2lceaaf8w
- MD5: b38ee236779efea1a6aee9d29b1b14bf
- SHA1: d9dfe9c016d56be6df5c2417eb2f8be80afb476e
- SHA256: 29eab66b3869c78782352a9fd41adf45c9863c64683056d62fb9e9da00a0a15c
- SHA512: 6904c576352e5938311d19df82eac4209477e4f7900c50f464c424dc1f9e0dd1c58c713659a68f0aa46ed7e8ae553ddbd3af473f8d5ee4edb864dd7f6d96fbce
- SSDEEP: 24576:6y6x26liIHf6i9Gl15QV3vWImTE0qtweCjK:B6x26l3o1WgTE0qDC
Static task: static1
Malware Config
- Extracted: redline
  - Botnet: rosn
  - C2: 176.113.115.145:4125
  - auth_value: 050a19e1db4d0024b0f23b37dcf961f4
- Extracted: redline
  - Botnet: lift
  - C2: 176.113.115.145:4125
  - auth_value: 94f33c242a83de9dcc729e29ec435dfb
- Extracted: amadey
  - Version: 3.69
  - C2: 193.233.20.36/joomla/index.php
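To pivot from the extracted configuration into network telemetry, the following Python is an added example and is not part of the sandbox report or of either malware family's code. It takes the three C2 values above exactly as extracted, normalises them to host and port, and scans constructed Zeek-style conn.log lines for connections to those hosts. Two things are the example's own assumptions: that Amadey's path-style C2 is reached over plain HTTP on port 80 (the report gives no scheme or port), and the sample log lines themselves, which are made up.

```python
"""Pivot from the extracted RedLine/Amadey config into network telemetry.

Added example: the C2 strings below are copied from the report; the log
lines are constructed and the port-80 assumption for Amadey is ours.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Family/botnet label -> C2 value, exactly as extracted in the report above.
EXTRACTED_C2 = {
    "redline/rosn": "176.113.115.145:4125",
    "redline/lift": "176.113.115.145:4125",
    "amadey/3.69": "193.233.20.36/joomla/index.php",
}


@dataclass(frozen=True)
class C2:
    label: str
    host: str
    port: int
    path: Optional[str]  # only set for HTTP-style C2 (Amadey)


def parse_c2(label: str, value: str) -> C2:
    """Normalise 'host:port' (RedLine) and 'host/path' (Amadey) C2 strings.

    Amadey's value carries no scheme or port, so this example assumes plain
    HTTP on port 80; the report itself does not say.
    """
    m = re.fullmatch(r"([\w.\-]+):(\d{1,5})", value)
    if m:
        return C2(label, m.group(1), int(m.group(2)), None)
    host, _, path = value.partition("/")
    return C2(label, host, 80, "/" + path if path else "/")


IOCS: List[C2] = [parse_c2(k, v) for k, v in EXTRACTED_C2.items()]

# Constructed Zeek-style conn.log excerpt (tab-separated):
# ts  uid  id.orig_h  id.orig_p  id.resp_h  id.resp_p  proto
SAMPLE_CONN_LOG = """\
1680340000.1\tCabc1\t10.0.0.15\t51234\t176.113.115.145\t4125\ttcp
1680340001.2\tCabc2\t10.0.0.15\t51235\t203.0.113.10\t443\ttcp
1680340002.3\tCabc3\t10.0.0.22\t51236\t193.233.20.36\t80\ttcp
1680340003.4\tCabc4\t10.0.0.31\t51237\t176.113.115.145\t443\ttcp
"""


def match_conn_log(log_text: str, iocs: List[C2] = IOCS) -> List[Dict]:
    """Return one hit per conn.log line whose responder IP is a known C2 host.

    port_match is False when only the IP matches (a different port on the
    same host): still worth triage, but reported as the weaker signal it is.
    """
    by_host: Dict[str, List[C2]] = {}
    for ioc in iocs:
        by_host.setdefault(ioc.host, []).append(ioc)

    hits = []
    for line in log_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        _ts, uid, orig_h, _orig_p, resp_h, resp_p, _proto = line.split("\t")
        matched = by_host.get(resp_h)
        if not matched:
            continue
        port = int(resp_p)
        hits.append({
            "uid": uid,
            "src": orig_h,
            "dst": f"{resp_h}:{port}",
            "labels": sorted({i.label for i in matched}),
            "port_match": any(i.port == port for i in matched),
        })
    return hits


if __name__ == "__main__":
    for hit in match_conn_log(SAMPLE_CONN_LOG):
        flag = "C2 MATCH" if hit["port_match"] else "host-only match"
        print(f"{hit['uid']} {hit['src']} -> {hit['dst']} [{flag}] {', '.join(hit['labels'])}")
```

Both RedLine builds share one C2 endpoint, so a single connection is reported once with both botnet labels rather than as two alerts; the host-only match on 176.113.115.145:443 is kept but marked as weaker so an analyst can decide whether the same operator infrastructure is in play.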
Targets
- Target: 29eab66b3869c78782352a9fd41adf45c9863c64683056d62fb9e9da00a0a15c
  - Size: 992KB
  - MD5: b38ee236779efea1a6aee9d29b1b14bf
  - SHA1: d9dfe9c016d56be6df5c2417eb2f8be80afb476e
  - SHA256: 29eab66b3869c78782352a9fd41adf45c9863c64683056d62fb9e9da00a0a15c
  - SHA512: 6904c576352e5938311d19df82eac4209477e4f7900c50f464c424dc1f9e0dd1c58c713659a68f0aa46ed7e8ae553ddbd3af473f8d5ee4edb864dd7f6d96fbce
  - SSDEEP: 24576:6y6x26liIHf6i9Gl15QV3vWImTE0qtweCjK:B6x26l3o1WgTE0qDC
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
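The "Adds Run key to start application" and "Executes dropped EXE" behaviours above are what a host-based detection would key on. The following Python is an added example, not code from the report or from RedLine: it scores constructed Sysmon Event ID 13 (RegistryEvent, value set) records and flags Run/RunOnce writes whose autostart target, or the process writing it, lives in a user-writable directory such as AppData or Temp. Field names follow Sysmon's RegistryEvent schema; the paths, SID, value names and the scoring threshold are the example's own.

```python
"""Flag Run-key persistence written by or pointing at a dropped executable.

Added example over constructed Sysmon Event ID 13 (RegistryEvent, value set)
records; field names follow Sysmon's schema, everything else is made up.
"""
import re
from typing import Dict, Iterable, List, Optional

# ...\CurrentVersion\Run and RunOnce under any hive, including the WOW64 view.
RUN_KEY_RE = re.compile(
    r"\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\",
    re.IGNORECASE,
)
# Locations a dropped payload typically executes from before it persists.
USER_WRITABLE_RE = re.compile(
    r"\\(?:AppData\\(?:Local|Roaming)|Temp|ProgramData|Users\\Public)\\",
    re.IGNORECASE,
)

# Constructed Sysmon records trimmed to the fields used here (EventID 13 is
# "value set"; EventID 12 is key create/delete and carries no value data).
SAMPLE_EVENTS = [
    {"EventID": 13,
     "Image": r"C:\Users\victim\AppData\Local\Temp\IXP000.TMP\abc.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\svcupdate",
     "Details": r"C:\Users\victim\AppData\Roaming\svcupdate.exe"},
    {"EventID": 13,
     "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray",
     "Details": r"C:\Program Files\Vendor\tray.exe"},
    {"EventID": 13,
     "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 12,
     "Image": r"C:\Users\victim\AppData\Local\Temp\IXP000.TMP\abc.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\x",
     "Details": ""},
]


def score_run_key_event(ev: Dict) -> Optional[Dict]:
    """Return None unless ev is a Run/RunOnce value write; else a 0-2 score.

    One point if the autostart target sits in a user-writable directory,
    one more if the writing process itself runs from one. A legitimate
    installer writing a Program Files path scores 0 and is left for review
    only when the caller lowers the threshold.
    """
    if ev.get("EventID") != 13 or not RUN_KEY_RE.search(ev.get("TargetObject", "")):
        return None
    score, reasons = 0, []
    if USER_WRITABLE_RE.search(ev.get("Details", "")):
        score += 1
        reasons.append("autostart target in user-writable directory")
    if USER_WRITABLE_RE.search(ev.get("Image", "")):
        score += 1
        reasons.append("writing process runs from user-writable directory")
    return {
        "target": ev["TargetObject"],
        "value": ev["Details"],
        "image": ev.get("Image", ""),
        "score": score,
        "reasons": reasons,
    }


def find_run_key_persistence(events: Iterable[Dict], min_score: int = 1) -> List[Dict]:
    """Score every event and keep Run-key writes at or above min_score."""
    scored = (score_run_key_event(e) for e in events)
    return [r for r in scored if r is not None and r["score"] >= min_score]


if __name__ == "__main__":
    for hit in find_run_key_persistence(SAMPLE_EVENTS):
        print(f"[score {hit['score']}] {hit['target']} -> {hit['value']}")
        for reason in hit["reasons"]:
            print(f"    {reason}")
```

Sysmon does not log registry reads, so the "Checks installed software" behaviour (enumeration of Uninstall keys) is only visible in a sandbox or with a read-capable tracing source; the Run-key write is the durable on-disk artefact and is what this check targets. The threshold of 1 is deliberately conservative: a Run value pointing into AppData or Temp is enough to look at, and the second point separates a dropper writing from a temp directory from a user-installed tool.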