General
Target: facac21e0e00dc14ed549041d8ef7ca02175cd2de3d1d835f5d6fe0c18fe8b17
Size: 707KB
Sample: 230411-mxevhabh92
MD5: ffbbc898008f96fd9665e1f4ca9522c0
SHA1: 409171d69a98577a0fcbde4c32959f474cf27fcd
SHA256: facac21e0e00dc14ed549041d8ef7ca02175cd2de3d1d835f5d6fe0c18fe8b17
SHA512: a33c91d9fa07d155956f1d22ba018059def7c619f7c916e9505d4df2106b86be0bcedf23684992022ecf24654ba59dc974fee7bfc31024b905a33fd1ebcc9732
SSDEEP: 12288:7MrJy905ED6rPmOswpquFIroLQNttzoVRwP1pJ7t5Yp4p/xeDgjCS34RTkprQ:SyPD4PmODquFnQN3zoVRw9pJ7IpCeSCX
Static task: static1
Malware Config
Extracted: redline
  rosn
  176.113.115.145:4125
  auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
  nahui
  176.113.115.145:4125
  auth_value: b9ed10946d21e28d58d0c72c535cde6f
Extracted: amadey
  3.70
  77.91.124.207/plays/chapter/index.php
Targets
Target: facac21e0e00dc14ed549041d8ef7ca02175cd2de3d1d835f5d6fe0c18fe8b17
Size: 707KB
MD5: ffbbc898008f96fd9665e1f4ca9522c0
SHA1: 409171d69a98577a0fcbde4c32959f474cf27fcd
SHA256: facac21e0e00dc14ed549041d8ef7ca02175cd2de3d1d835f5d6fe0c18fe8b17
SHA512: a33c91d9fa07d155956f1d22ba018059def7c619f7c916e9505d4df2106b86be0bcedf23684992022ecf24654ba59dc974fee7bfc31024b905a33fd1ebcc9732
SSDEEP: 12288:7MrJy905ED6rPmOswpquFIroLQNttzoVRwP1pJ7t5Yp4p/xeDgjCS34RTkprQ:SyPD4PmODquFnQN3zoVRw9pJ7IpCeSCX

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.