General
Target: 839541378afe405f2b13077559d9b3d14e7f2f06d99af86ccbea349be61f1bc5
Size: 992KB
Sample: 230401-mjr8nshd64
MD5: a7cf2ed057599bff8436171443ab772a
SHA1: d19203641bcc122e508abd81767af0be4b60c00f
SHA256: 839541378afe405f2b13077559d9b3d14e7f2f06d99af86ccbea349be61f1bc5
SHA512: 0095a57613709af086bfc6c1e083356607e55cc0f4e5e2edd01252ab4de74d0d19f087ffc81b4ffac1a7059fac9ab11add24901db3a892cc00dd00ad447220fc
SSDEEP: 24576:wyHmI24Vj2dFEBMlQB+4XewEHcTeOYtWmN0TKDAxnDiO:3C4Vc/HJw0RNZDWD
Static task
static1

Malware Config
Extracted: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted: redline
lift
176.113.115.145:4125
auth_value: 94f33c242a83de9dcc729e29ec435dfb

Extracted: amadey
3.69
193.233.20.36/joomla/index.php
Targets
Target: 839541378afe405f2b13077559d9b3d14e7f2f06d99af86ccbea349be61f1bc5
Size: 992KB
MD5: a7cf2ed057599bff8436171443ab772a
SHA1: d19203641bcc122e508abd81767af0be4b60c00f
SHA256: 839541378afe405f2b13077559d9b3d14e7f2f06d99af86ccbea349be61f1bc5
SHA512: 0095a57613709af086bfc6c1e083356607e55cc0f4e5e2edd01252ab4de74d0d19f087ffc81b4ffac1a7059fac9ab11add24901db3a892cc00dd00ad447220fc
SSDEEP: 24576:wyHmI24Vj2dFEBMlQB+4XewEHcTeOYtWmN0TKDAxnDiO:3C4Vc/HJw0RNZDWD

Signatures
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.