General
Target: a673bfb997d2a40ed4d887cc12893805e2b38f35915958bfaf0e4cb4c63f3603
Size: 992KB
Sample: 230401-n1zvhsbc3s
MD5: b19f26efaaafd467ea7390e17084ff71
SHA1: 9c2458ee575b8212ebf99e2f1e9fe9975e4b8bb0
SHA256: a673bfb997d2a40ed4d887cc12893805e2b38f35915958bfaf0e4cb4c63f3603
SHA512: ede8500f276f6ffbd4c37e02a0463d13de64e2f10378a587cd78792653f5da2adcd5c658c9107f126191f9dcc10348e0c9f6a1fdac2a88d822c21d2255de575f
SSDEEP: 24576:GymP+NYqV6BrX+S7TcdGOrshOdg9bTQNx+ta:VmP+Jw+S7TcdG+cOd23Nt
Static task: static1
Malware Config
Extracted: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
Botnet: lift
C2: 176.113.115.145:4125
auth_value: 94f33c242a83de9dcc729e29ec435dfb
Extracted: amadey
Version: 3.69
C2: 193.233.20.36/joomla/index.php
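The three extracted configs above boil down to two network indicators: both RedLine botnet IDs share one C2 socket, and Amadey checks in to an HTTP URL with no explicit port. The script below is an added example, not part of this report or of any sandbox tooling: it normalizes those entries into indicators and runs them over a few constructed connection-log lines (space-separated timestamp, source IP, destination IP, destination port, and URL or "-"). The log format and every log line are invented for the example; only the C2 values come from the report.

```python
"""Network indicators from this report's extracted RedLine/Amadey configs,
matched against constructed connection-log lines.
Added example: the log format and lines are invented for illustration."""
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# The "Extracted" entries as they appear in the report's Malware Config section.
EXTRACTED = [
    {"family": "redline", "botnet": "rosn", "c2": "176.113.115.145:4125"},
    {"family": "redline", "botnet": "lift", "c2": "176.113.115.145:4125"},
    {"family": "amadey", "version": "3.69", "c2": "193.233.20.36/joomla/index.php"},
]

# Constructed log lines: "<ts> <src_ip> <dst_ip> <dst_port> <url-or-dash>".
LOG_LINES = [
    "2023-04-01T12:00:01Z 10.0.0.5 176.113.115.145 4125 -",
    "2023-04-01T12:00:02Z 10.0.0.5 176.113.115.145 443 -",
    "2023-04-01T12:00:03Z 10.0.0.7 193.233.20.36 80 http://193.233.20.36/joomla/index.php",
    "2023-04-01T12:00:04Z 10.0.0.9 8.8.8.8 53 -",
]


@dataclass(frozen=True)
class NetIndicator:
    family: str
    host: str
    port: Optional[int]   # None when the config gives a URL with no explicit port
    path: Optional[str]   # None for bare host:port C2s such as RedLine's


def parse_c2(entry: dict) -> NetIndicator:
    """Normalize a config C2 string. The Amadey URL has no scheme, so one is
    prepended so that urlsplit separates host, port and path."""
    c2 = entry["c2"]
    parts = urlsplit(c2 if "://" in c2 else "http://" + c2)
    return NetIndicator(entry["family"], parts.hostname, parts.port, parts.path or None)


def build_indicators(extracted=EXTRACTED):
    """Deduplicate: the two RedLine botnet IDs share one C2 socket."""
    return sorted({parse_c2(e) for e in extracted}, key=lambda i: (i.host, i.port or 0))


def match_line(line: str, indicators):
    """Return (family, confidence) hits for one log line. 'c2' means host plus
    port (or path) matched; 'host-only' means the same host on another port,
    which is worth a look but is not the configured C2 socket."""
    _ts, _src, dst, dport, url = line.split(maxsplit=4)
    hits = []
    for ind in indicators:
        if ind.host != dst:
            continue
        port_ok = ind.port is None or ind.port == int(dport)
        path_ok = ind.path is None or (url != "-" and urlsplit(url).path == ind.path)
        hits.append((ind.family, "c2" if port_ok and path_ok else "host-only"))
    return hits


def scan(lines=LOG_LINES, indicators=None):
    """Return [(line_number, hits)] for every line that touched a C2 host."""
    indicators = build_indicators() if indicators is None else indicators
    findings = []
    for n, line in enumerate(lines, 1):
        hits = match_line(line, indicators)
        if hits:
            findings.append((n, hits))
    return findings


if __name__ == "__main__":
    for n, hits in scan():
        print(n, LOG_LINES[n - 1], hits)
```

Against a real Zeek conn.log or proxy log the parsing in match_line is the only part that changes; the host-only tier matters because C2 servers frequently move ports between campaigns while keeping the IP.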
Targets
Target: a673bfb997d2a40ed4d887cc12893805e2b38f35915958bfaf0e4cb4c63f3603
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
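Of the behaviours listed above, the Run-key write is the one most worth alerting on outside the sandbox, because it survives a reboot and shows up in endpoint telemetry. The following is an added example, not taken from this report or from any sandbox product: it classifies constructed Sysmon Event ID 13 (registry value set) records, flagging Run/RunOnce writes whose autostart target or writing process lives in a user-writable directory, which is how a dropped payload typically registers itself. The events, SIDs and file paths are invented; the report does not state where this sample's dropped files were written.

```python
"""Flag Run-key persistence (the report's "Adds Run key to start application")
in Sysmon Event ID 13 (RegistryEvent: value set) records.
Added example: the events, SIDs and paths below are constructed."""
import re

# Run/RunOnce under HKLM, HKU or Wow6432Node all end in this suffix.
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.IGNORECASE)

# Locations a normal user can write to; droppers typically stage payloads here.
USER_WRITABLE_RE = re.compile(
    r"\\(AppData\\(Local|Roaming)|Users\\Public|ProgramData|Windows\\Temp)\\", re.IGNORECASE)

# Constructed Sysmon-style records (field names follow the Sysmon event schema).
EVENTS = [
    {"EventID": 13, "Image": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\update",
     "Details": r"C:\Users\alice\AppData\Local\Temp\update.exe"},
    {"EventID": 13, "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorAgent",
     "Details": r'"C:\Program Files\Vendor\agent.exe" --tray'},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]


def extract_exe(details: str) -> str:
    """Value data may be a quoted path followed by arguments; return the path."""
    m = re.match(r'\s*"([^"]+)"|\s*(\S+)', details)
    return (m.group(1) or m.group(2)) if m else details


def classify(event: dict):
    """Return a finding dict for Run-key writes, None for anything else."""
    if event.get("EventID") != 13 or not RUN_KEY_RE.search(event["TargetObject"]):
        return None
    exe = extract_exe(event["Details"])
    writer = event.get("Image", "")
    reasons = []
    if USER_WRITABLE_RE.search(exe):
        reasons.append("autostart target in user-writable path")
    if USER_WRITABLE_RE.search(writer):
        reasons.append("written by a process in a user-writable path")
    if exe.lower() == writer.lower():
        reasons.append("self-registration (writer registers itself)")
    return {"key": event["TargetObject"], "exe": exe, "writer": writer,
            "severity": "high" if reasons else "low", "reasons": reasons}


def triage(events=EVENTS):
    """Findings for all Run-key writes in the event stream, in order."""
    return [f for f in (classify(e) for e in events) if f]


if __name__ == "__main__":
    for f in triage():
        print(f["severity"], f["exe"], f["reasons"])
```

The "Checks installed software" signature, by contrast, is a registry read of Uninstall keys; Sysmon records value writes and key creation but not reads, so that behaviour is a sandbox-only signal and is deliberately not covered here.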