General
Target: f73d2ebd1140377094858de60951643a8e558a5a924263027acab80ddd9ac8ea
Size: 1.1MB
Sample: 230409-sa3wpsdc8v
MD5: 81ec4138cdc64ac1e5aa31c03ace7ada
SHA1: b8cd45e7637656c40ce99f1e98ea673f9f5db3da
SHA256: f73d2ebd1140377094858de60951643a8e558a5a924263027acab80ddd9ac8ea
SHA512: d04827cad206c88586724457b0c7fc379f1e70db55824ef01ed5d953f796ec318f1c5e384ff3e6fbdb43019e9bb2a71b5db5b7c1761f77c6f3c2a2551bc22790
SSDEEP: 24576:gyAqErnD636znZ4ilOt0tajgjxKm1JyyvHz:nAq+nzzWilOt08ElPyy
Static task
static1
Malware Config
Extracted: redline
Botnet: norm
C2: 77.91.124.145:4125
auth_value: 1514e6c0ec3d10a36f68f61b206f5759
Extracted: redline
Botnet: lenox
C2: 77.91.124.145:4125
auth_value: a5c9c17a250a084c5fd706c1df7c2d4e
Extracted: amadey
Version: 3.70
C2: 212.113.119.255/joomla/index.php
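The extracted configs above are the most useful part of the report for hunting: two RedLine configs sharing one C2 and one Amadey config with an HTTP check-in URL. The script below is an added example, not part of the sandbox report or of any extractor; it takes the flattened "Malware Config" text exactly as it appears above, normalises every C2 into one host/port/path record so the duplicated RedLine C2 is listed once, and emits Suricata rules for them. It assumes that the field after the RedLine family name is the botnet name and that the Amadey URL is served over plain HTTP on port 80 (the report gives no scheme or port); both are assumptions.

```python
"""Turn the report's extracted RedLine/Amadey configs into hunting IOCs.
Added example: the CONFIG text is copied from the report, the parsing and the
rule format are mine, not the sandbox's."""
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed input: the report's "Malware Config" block as flattened text.
CONFIG = """\
Extracted
redline
norm
77.91.124.145:4125
-
auth_value
1514e6c0ec3d10a36f68f61b206f5759
Extracted
redline
lenox
77.91.124.145:4125
-
auth_value
a5c9c17a250a084c5fd706c1df7c2d4e
Extracted
amadey
3.70
212.113.119.255/joomla/index.php
"""

# A bare "ip:port" C2 (RedLine talks raw TCP); anything else is treated as a URL.
HOST_PORT = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")


def parse_config(text):
    """Split the flattened block on 'Extracted' and return one dict per config."""
    entries = []
    for chunk in text.split("Extracted\n")[1:]:
        fields = [f for f in chunk.splitlines() if f and f != "-"]
        entry = {"family": fields[0]}
        if entry["family"] == "redline":
            # Assumption: field order is botnet name, then C2, then auth_value.
            entry["botnet"], entry["c2"] = fields[1], fields[2]
            if "auth_value" in fields:
                entry["auth_value"] = fields[fields.index("auth_value") + 1]
        elif entry["family"] == "amadey":
            # Assumption: field order is version, then C2 URL.
            entry["version"], entry["c2"] = fields[1], fields[2]
        entries.append(entry)
    return entries


def network_iocs(entries):
    """Normalise every C2 to (family, ip, port, path); duplicates collapse."""
    iocs = set()
    for e in entries:
        m = HOST_PORT.match(e["c2"])
        if m:
            ip, port, path = m.group(1), int(m.group(2)), ""
        else:
            # The report writes the Amadey C2 without a scheme; assume HTTP/80.
            u = urlsplit("//" + e["c2"])
            ip, port, path = u.hostname, u.port or 80, u.path
        ipaddress.ip_address(ip)  # raises if the host is not a literal IP
        iocs.add((e["family"], ip, port, path))
    return sorted(iocs)


def suricata_rules(iocs, sid_base=9000001):
    """One rule per IOC: HTTP URI match for URL C2s, TCP destination for raw C2s."""
    rules = []
    for sid, (family, ip, port, path) in enumerate(iocs, start=sid_base):
        if path:
            rules.append(
                f'alert http $HOME_NET any -> {ip} {port} '
                f'(msg:"{family} C2 {ip}{path}"; http.uri; content:"{path}"; '
                f'sid:{sid}; rev:1;)'
            )
        else:
            rules.append(
                f'alert tcp $HOME_NET any -> {ip} {port} '
                f'(msg:"{family} C2 {ip}:{port}"; flow:to_server; sid:{sid}; rev:1;)'
            )
    return rules


if __name__ == "__main__":
    for rule in suricata_rules(network_iocs(parse_config(CONFIG))):
        print(rule)
```

The auth_value fields are kept in the parsed entries but deliberately not turned into network rules: they travel inside RedLine's C2 protocol, not in a URI, so they are useful for clustering samples rather than for wire detection.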
Targets
Target: f73d2ebd1140377094858de60951643a8e558a5a924263027acab80ddd9ac8ea (1.1MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
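The "Adds Run key to start application" signature is the one an incident responder can verify fastest on a suspect host: export the Run and RunOnce keys and look for values whose executable lives somewhere a normal user can write to, which is where a dropped stealer or loader ends up. The script below is an added example and not part of the report; it parses a `reg export`-style .reg file (the sample here is constructed, with made-up value names and paths, not artefacts from this sample) and flags entries pointing into AppData, Temp, ProgramData, Public or Downloads. The user-writable prefix list is a heuristic of mine, not a rule from the sandbox.

```python
"""Triage Run/RunOnce values from a .reg export for user-writable launch paths.
Added example; REG_EXPORT is a constructed sample, not data from the report."""
import re

# Constructed sample of `reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run`.
# Value names and paths are invented for illustration.
REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"WinSvc"="C:\\Users\\user\\AppData\\Local\\Temp\\abcd\\WinSvc.exe"
"Updater"="\"C:\\Users\\Public\\update.exe\" -silent"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"CloudSync"="C:\\Users\\user\\AppData\\Roaming\\CloudSync\\sync.exe"
'''

# Only values under ...\CurrentVersion\Run and ...\RunOnce are persistence entries.
RUN_KEYS = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
# Heuristic (assumption): directories a non-admin user can write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\",
                 "\\programdata\\", "\\downloads\\")
# Quoted path, or an unquoted path up to the first executable extension.
EXE_PATH = re.compile(
    r'^"([^"]+)"|^(.+?\.(?:exe|dll|scr|bat|cmd|vbs|js|ps1))(?=\s|$)', re.IGNORECASE)


def unescape_reg(data):
    """.reg files escape backslashes and quotes as \\ and \"; undo that."""
    return re.sub(r"\\(.)", r"\1", data)


def parse_run_values(text):
    """Return (value_name, command) for every REG_SZ value under a Run/RunOnce key."""
    entries = []
    in_run_key = False
    for line in text.splitlines():
        if line.startswith("["):
            in_run_key = bool(RUN_KEYS.search(line.strip("[]")))
            continue
        # Skip the header, blank lines and non-string values (hex:, dword:).
        if not in_run_key or not line.startswith('"') or '"="' not in line:
            continue
        name, data = line.split('"="', 1)
        entries.append((name[1:], unescape_reg(data[:-1])))
    return entries


def exe_path(command):
    """Extract the launched executable from a Run value's command line."""
    m = EXE_PATH.match(command)
    if not m:
        return None
    return m.group(1) or m.group(2)


def is_user_writable(path):
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def suspicious_run_entries(text):
    """(value_name, exe_path) for every Run entry launching from a user-writable dir."""
    flagged = []
    for name, command in parse_run_values(text):
        path = exe_path(command)
        if path and is_user_writable(path):
            flagged.append((name, path))
    return flagged


if __name__ == "__main__":
    for name, path in suspicious_run_entries(REG_EXPORT):
        print(f"suspicious Run value {name!r} -> {path}")
```

A hit is a lead, not a verdict: legitimate per-user installers (browsers, chat clients) also launch from AppData, so pair the flagged path with its hash and check it against the sample hashes in the General section before acting.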