General
Target: 97cdc0943fb6e3b56f3478cdc820443237d95bbd8067c19436fadc4506fdf9f2
Size: 982KB
Sample: 230411-l5ezssbg44
MD5: 5220424b903e1827fb62381c2eff4dc1
SHA1: 532aeb49c265e49ad4768d805771ce38bac8c4b5
SHA256: 97cdc0943fb6e3b56f3478cdc820443237d95bbd8067c19436fadc4506fdf9f2
SHA512: 53626cf991c57bbb2edca0f8fc2ded206caade2c9a633458ac59932104f762ce5648bb9caba3cdd808120dc431d258e740700b77c761b02f8de6d7c14e9282bb
SSDEEP: 24576:GyeWQ7UrE5utOyQTf/APz2ufesgzWeDnq7/OHcrNH/a75:Vef46ffKxefeccrNHa
Static task: static1
Malware Config
Extracted: redline (rosn)
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: amadey 3.70
C2: 77.91.124.207/plays/chapter/index.php
Extracted: redline (nord)
C2: 176.113.115.145:4125
auth_value: ebb7d38cdbd7c83cf6363ef3feb3a530
Targets
Target: 97cdc0943fb6e3b56f3478cdc820443237d95bbd8067c19436fadc4506fdf9f2 (982KB; the same file and hashes listed under General)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
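The extracted configs above (RedLine C2 176.113.115.145:4125, Amadey 3.70 C2 77.91.124.207/plays/chapter/index.php) and the Run-key persistence signature are what a responder actually hunts for. The script below is an added example, not part of the sandbox report or any vendor tooling: it turns those indicators and that behaviour into checks and runs them over constructed log lines. The key=value log shape, the field names (id.resp_h, host, uri, sha256, target) and the sample records are assumptions standing in for whatever your sensors emit; the indicator values and hashes are copied from the report. Note that the two RedLine configs share one host:port, so a connection to that host on any other port is still flagged, at lower confidence.

```python
"""Match the indicators and behaviours from the sandbox report against log lines.

Added example. The log format is a constructed key=value stand-in; indicator values
come from the report's Malware Config and General sections.
"""
import re
from typing import Dict, List, Tuple

# Indicators copied from the report.
REDLINE_C2_HOST = "176.113.115.145"
REDLINE_C2_PORT = "4125"
AMADEY_C2_HOST = "77.91.124.207"
AMADEY_C2_PATH = "/plays/chapter/index.php"
SAMPLE_SHA256 = "97cdc0943fb6e3b56f3478cdc820443237d95bbd8067c19436fadc4506fdf9f2"
SAMPLE_MD5 = "5220424b903e1827fb62381c2eff4dc1"

# Behavioural check for the "Adds Run key to start application" signature:
# any value written under a Run or RunOnce key, whichever hive it lives in.
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)


def parse_kv(line: str) -> Dict[str, str]:
    """Split a 'k=v k=v ...' line into a dict; tokens without '=' are ignored.
    Only the first '=' splits, so values may themselves contain '='."""
    fields: Dict[str, str] = {}
    for tok in line.split():
        key, sep, val = tok.partition("=")
        if sep:
            fields[key] = val
    return fields


def match_iocs(line: str) -> List[str]:
    """Return the labels of every report indicator or behaviour the line matches."""
    f = parse_kv(line)
    hits: List[str] = []

    # RedLine: exact host:port is high confidence; same host on another port is
    # still worth a look, since both extracted configs point at this address.
    if f.get("id.resp_h") == REDLINE_C2_HOST:
        hits.append("redline_c2" if f.get("id.resp_p") == REDLINE_C2_PORT else "redline_c2_host")

    # Amadey 3.70: the config is a full URL, so host + path is the real match;
    # host alone is lower confidence but not ignorable.
    if f.get("host") == AMADEY_C2_HOST:
        hits.append("amadey_c2" if f.get("uri") == AMADEY_C2_PATH else "amadey_c2_host")

    # File hashes: sensors differ in case, so normalise before comparing.
    if f.get("sha256", "").lower() == SAMPLE_SHA256 or f.get("md5", "").lower() == SAMPLE_MD5:
        hits.append("sample_hash")

    # Persistence: a registry value set under a Run/RunOnce key.
    if f.get("type") == "registry" and RUN_KEY.search(f.get("target", "")):
        hits.append("run_key_persistence")

    return hits


def scan(lines: List[str]) -> List[Tuple[str, List[str]]]:
    """Return (line, hits) for every line that matched at least one check."""
    return [(ln, hits) for ln in lines if (hits := match_iocs(ln))]


# Constructed sample records (not from the report): Zeek-style conn/http lines,
# an EDR file record and a Sysmon-style registry SetValue record.
SAMPLE_LOGS = [
    "ts=2023-04-11T10:02:11Z type=conn id.orig_h=10.0.0.17 id.resp_h=176.113.115.145 id.resp_p=4125 proto=tcp",
    "ts=2023-04-11T10:02:15Z type=http method=POST host=77.91.124.207 uri=/plays/chapter/index.php",
    "ts=2023-04-11T10:03:00Z type=conn id.orig_h=10.0.0.17 id.resp_h=176.113.115.145 id.resp_p=443 proto=tcp",
    "ts=2023-04-11T10:03:30Z type=file sha256=97CDC0943FB6E3B56F3478CDC820443237D95BBD8067C19436FADC4506FDF9F2 path=C:\\Users\\u\\AppData\\Local\\Temp\\x.exe",
    "ts=2023-04-11T10:04:00Z type=http method=GET host=77.91.124.207 uri=/plays/other.php",
    "ts=2023-04-11T10:04:30Z type=registry event=SetValue target=HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater image=C:\\Users\\u\\AppData\\Local\\Temp\\x.exe",
    "ts=2023-04-11T10:05:00Z type=conn id.orig_h=10.0.0.17 id.resp_h=8.8.8.8 id.resp_p=53 proto=udp",
]

if __name__ == "__main__":
    for line, hits in scan(SAMPLE_LOGS):
        print(", ".join(hits), "<-", line)
```

Run it as-is to see six of the seven constructed lines flagged; the DNS line is the only one that stays quiet. The Uninstall-key enumeration in the last signature is a registry read, which most endpoint telemetry (Sysmon included) does not record, so it is deliberately not a check here; it is a sandbox-only observation unless your EDR logs registry queries.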