General
Target: fcab28a79a9ff666b438941ab23fe3b96e113fc00872d630ce636cd253bfcd08
Size: 707KB
Sample: 230411-l2yyhabg36
MD5: fe06fc562e9a5c03ee20976becb07e90
SHA1: baa039b0535494f9650a425574d405dacfd88c45
SHA256: fcab28a79a9ff666b438941ab23fe3b96e113fc00872d630ce636cd253bfcd08
SHA512: 4ee9692f4cc0ea0a3750b0caf8d3e7e4cbe251a4cd64ee36a24c7a8eaf3f3826e94b8f9195a7943bdd8ca8edeeb95bbf45f6fcadefc65d5856e6375ecde8b0d6
SSDEEP: 12288:LMrZy90m1DyBvf87ohZsWkb5BHsWwrJgt7cze/2vP1n27tq2M4prdUysz1rJFpuF:eyvDy9fKoIW001qAze/2v9n27DMfyszE
Static task: static1
Malware Config
Extracted: redline
  rosn
  176.113.115.145:4125
  auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
  nahui
  176.113.115.145:4125
  auth_value: b9ed10946d21e28d58d0c72c535cde6f
Extracted: amadey
  3.70
  77.91.124.207/plays/chapter/index.php
Targets
Target: fcab28a79a9ff666b438941ab23fe3b96e113fc00872d630ce636cd253bfcd08
Size: 707KB
MD5: fe06fc562e9a5c03ee20976becb07e90
SHA1: baa039b0535494f9650a425574d405dacfd88c45
SHA256: fcab28a79a9ff666b438941ab23fe3b96e113fc00872d630ce636cd253bfcd08
SHA512: 4ee9692f4cc0ea0a3750b0caf8d3e7e4cbe251a4cd64ee36a24c7a8eaf3f3826e94b8f9195a7943bdd8ca8edeeb95bbf45f6fcadefc65d5856e6375ecde8b0d6
SSDEEP: 12288:LMrZy90m1DyBvf87ohZsWkb5BHsWwrJgt7cze/2vP1n27tq2M4prdUysz1rJFpuF:eyvDy9fKoIW001qAze/2v9n27DMfyszE
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.