General
Target: d3ffdeae85293b07afdbe32bcb0b43dbeaf7db80899ad63cb50992880f06dd7c
Size: 989KB
Sample: 230401-nhtksabb3t
MD5: d9ea68a01fac2940e54ad968f559e051
SHA1: 063a09012fbbf28e9deeed729432ef1c74063882
SHA256: d3ffdeae85293b07afdbe32bcb0b43dbeaf7db80899ad63cb50992880f06dd7c
SHA512: fb5f68d10dfac8d09550cfddddc5f04345ac2503865bf5bb6d67993d4987ee9ccfa0bf631d3a26f9b6a6f7c3d684927a9b69462066522c4540c84a13e27a6fab
SSDEEP: 24576:uytSa/QN0aabuDmzNKVivyZRfYWjQb3mEYkQg2FYDB8J:9oaIGaa6DmNKsyRfqykQf+l
Static task: static1
Malware Config
Extracted: redline, rosn, C2 176.113.115.145:4125, auth_value 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline, lift, C2 176.113.115.145:4125, auth_value 94f33c242a83de9dcc729e29ec435dfb
Extracted: amadey 3.69, C2 193.233.20.36/joomla/index.php
Targets
Target: d3ffdeae85293b07afdbe32bcb0b43dbeaf7db80899ad63cb50992880f06dd7c
Size: 989KB
MD5: d9ea68a01fac2940e54ad968f559e051
SHA1: 063a09012fbbf28e9deeed729432ef1c74063882
SHA256: d3ffdeae85293b07afdbe32bcb0b43dbeaf7db80899ad63cb50992880f06dd7c
SHA512: fb5f68d10dfac8d09550cfddddc5f04345ac2503865bf5bb6d67993d4987ee9ccfa0bf631d3a26f9b6a6f7c3d684927a9b69462066522c4540c84a13e27a6fab
SSDEEP: 24576:uytSa/QN0aabuDmzNKVivyZRfYWjQb3mEYkQg2FYDB8J:9oaIGaa6DmNKsyRfqykQf+l
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
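The indicators this report extracts (the RedLine C2 socket, the Amadey C2 URL, the sample hashes) and the two registry behaviours it flags (Run-key persistence, Uninstall-key enumeration) are what a responder would sweep endpoint telemetry for. The script below is an added example, not part of the sandbox report or of any vendor tooling: it matches those indicators against constructed log lines in a simplified `key=value` event format (an assumption for readability; real Sysmon or EDR output has a different schema, and note that Sysmon does not log registry reads, so the Uninstall-key check needs a source that records key queries). All IP, URL and hash values come from the report above; the file paths, the benign `203.0.113.10` connection and the inventory agent are constructed.

```python
import re

# Indicators copied from the report's extracted configs and hash fields
REDLINE_C2 = ("176.113.115.145", 4125)
AMADEY_C2_URL = "193.233.20.36/joomla/index.php"
SAMPLE_SHA256 = "d3ffdeae85293b07afdbe32bcb0b43dbeaf7db80899ad63cb50992880f06dd7c"
SAMPLE_SHA1 = "063a09012fbbf28e9deeed729432ef1c74063882"
SAMPLE_MD5 = "d9ea68a01fac2940e54ad968f559e051"

# Registry paths behind the two behavioural signatures in the report
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(\\|$)", re.I)
UNINSTALL_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)

# Constructed sample telemetry (assumed simplified format, not real Sysmon/EDR output;
# values must not contain spaces for the parser below)
SAMPLE_LOG = r"""
event=FileCreate image=C:\Users\u\Downloads\setup.exe sha256=d3ffdeae85293b07afdbe32bcb0b43dbeaf7db80899ad63cb50992880f06dd7c
event=NetworkConnect image=C:\Users\u\AppData\Local\Temp\abc.exe dst=176.113.115.145 dport=4125
event=NetworkConnect image=C:\Windows\System32\svchost.exe dst=203.0.113.10 dport=443
event=HttpRequest image=C:\Users\u\AppData\Local\Temp\def.exe url=http://193.233.20.36/joomla/index.php
event=RegistrySetValue image=C:\Users\u\AppData\Local\Temp\abc.exe key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater
event=RegistryQuery image=C:\Users\u\AppData\Local\Temp\abc.exe key=HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Foo
event=RegistryQuery image=C:\Inventory\agent.exe key=HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Bar
"""

# Hits derived directly from the extracted config or the sample hash are treated as
# strong on their own; the behavioural ones need corroboration.
STRONG = {"redline_c2", "amadey_c2", "known_sample_hash"}


def parse_event(line):
    """Parse one 'key=value key=value' line into a dict (whitespace-free values only)."""
    return {m.group(1): m.group(2) for m in re.finditer(r"(\w+)=(\S+)", line)}


def classify(ev):
    """Return the indicator names one event matches (empty list if nothing matched)."""
    hits = []
    kind = ev.get("event", "")
    if kind == "NetworkConnect":
        port = ev.get("dport", "")
        if port.isdigit() and (ev.get("dst"), int(port)) == REDLINE_C2:
            hits.append("redline_c2")
    elif kind == "HttpRequest":
        # Compare without the scheme so http:// and https:// both match the report's URL
        url = re.sub(r"^https?://", "", ev.get("url", ""), flags=re.I)
        if url.lower() == AMADEY_C2_URL:
            hits.append("amadey_c2")
    elif kind == "RegistrySetValue":
        if RUN_KEY_RE.search(ev.get("key", "")):
            hits.append("run_key_persistence")
    elif kind == "RegistryQuery":
        if UNINSTALL_KEY_RE.search(ev.get("key", "")):
            hits.append("uninstall_key_enum")
    elif kind == "FileCreate":
        digests = {ev.get(k, "").lower() for k in ("sha256", "sha1", "md5")}
        if digests & {SAMPLE_SHA256, SAMPLE_SHA1, SAMPLE_MD5}:
            hits.append("known_sample_hash")
    return hits


def scan(log_text):
    """Classify every line and group the hits by the process image that produced them."""
    by_image = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        for hit in classify(ev):
            by_image.setdefault(ev.get("image", "?"), set()).add(hit)
    return by_image


def verdict(by_image):
    """Flag an image on any strong hit, or on two or more behavioural hits.
    Uninstall-key enumeration alone is common in benign inventory software, so by
    itself it is only a weak signal."""
    return {img: hits for img, hits in by_image.items()
            if hits & STRONG or len(hits) >= 2}


if __name__ == "__main__":
    for image, hits in verdict(scan(SAMPLE_LOG)).items():
        print(image, sorted(hits))
```

Run stand-alone it flags the three constructed processes that touch the report's indicators and leaves the inventory agent, which only reads the Uninstall key, unflagged.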