General

Target: 476dbf7cd98828c965c735f09307f2f8f27cc7ded5d51c9c4babe2c6d0b4b592
Size: 982KB
Sample: 230411-mzc4padf51
MD5: 5d7230c121897141d66bc9f8ebc64a3c
SHA1: 1fa20100c55480df38af3835669a22f9cc9ce4e9
SHA256: 476dbf7cd98828c965c735f09307f2f8f27cc7ded5d51c9c4babe2c6d0b4b592
SHA512: 5b69376b44b7a16d31dbb80b7e1e1a90abb3f0e3920f6132250cc5932fc03152520f2a4e124733e9ed2eb128ba7bd018756f5160ba37673cedc3082a9cabab10
SSDEEP: 24576:YypSU56EfGYs0xyVBodzZfSxD7Wiolfenn6jxKoPX6:fpSwfGYsfBYzG2ynw
Static task: static1

Malware Config

Extracted: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted: amadey
Version: 3.70
C2: 77.91.124.207/plays/chapter/index.php

Extracted: redline
Botnet: nord
C2: 176.113.115.145:4125
auth_value: ebb7d38cdbd7c83cf6363ef3feb3a530

Both RedLine configurations point at the same C2 endpoint and differ only in botnet name and auth_value, so the sample carries two RedLine builds (or one build with two embedded configs) alongside an Amadey 3.70 loader whose C2 is an HTTP path rather than a raw host:port.
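As an added example (not part of the sandbox report and not the sandbox's own tooling), the script below turns the extracted configs above into network indicators and matches them against connection and HTTP log lines. The three config records are copied from the report; the log format and the log lines themselves are constructed for illustration, and the parsing regexes assume that format. Note the two indicator types: the RedLine C2 is a raw TCP host:port, so it is matched on destination host and port, while the Amadey C2 is an HTTP path, so it is matched on host, port and full path.

```python
"""Match RedLine/Amadey C2 indicators from a sandbox config against log lines.

Added example: the EXTRACTED_CONFIGS values come from the report above; the
log format (key=value fields) and SAMPLE_LOG lines are constructed.
"""
import re
from urllib.parse import urlsplit

# Configuration values as extracted by the sandbox (copied from the report).
EXTRACTED_CONFIGS = [
    {"family": "redline", "botnet": "rosn", "c2": "176.113.115.145:4125",
     "auth_value": "050a19e1db4d0024b0f23b37dcf961f4"},
    {"family": "amadey", "version": "3.70",
     "c2": "77.91.124.207/plays/chapter/index.php"},
    {"family": "redline", "botnet": "nord", "c2": "176.113.115.145:4125",
     "auth_value": "ebb7d38cdbd7c83cf6363ef3feb3a530"},
]

# Constructed log lines in an assumed "key=value" format: two C2 contacts,
# one benign TLS connection and one request to the Amadey host with a
# different path (a weaker signal that this example deliberately does not flag).
SAMPLE_LOG = [
    "2023-04-11T14:03:22Z conn src=10.0.0.5:51234 dst=176.113.115.145:4125 proto=tcp",
    "2023-04-11T14:03:25Z http src=10.0.0.5 method=POST url=http://77.91.124.207/plays/chapter/index.php",
    "2023-04-11T14:03:30Z conn src=10.0.0.5:51240 dst=93.184.216.34:443 proto=tcp",
    "2023-04-11T14:04:01Z http src=10.0.0.7 method=GET url=http://77.91.124.207/favicon.ico",
]

CONN_RE = re.compile(r"dst=(?P<host>[\d.]+):(?P<port>\d+)")
HTTP_RE = re.compile(r"url=(?P<url>\S+)")


def c2_indicators(configs):
    """Map each extracted C2 to the families that use it.

    Returns two dicts: (host, port) -> families for raw TCP endpoints, and
    (host, port, path) -> families for HTTP C2s. An HTTP C2 also contributes
    its host:port endpoint so a bare connection to it is still attributable.
    """
    by_endpoint = {}
    by_url = {}
    for cfg in configs:
        c2 = cfg["c2"]
        if "/" in c2:                      # scheme-less HTTP path (Amadey style)
            u = urlsplit("http://" + c2)
            port = u.port or 80
            by_url.setdefault((u.hostname, port, u.path), set()).add(cfg["family"])
            by_endpoint.setdefault((u.hostname, port), set()).add(cfg["family"])
        else:                              # host:port raw socket (RedLine style)
            host, port = c2.rsplit(":", 1)
            by_endpoint.setdefault((host, int(port)), set()).add(cfg["family"])
    return by_endpoint, by_url


def match_log_lines(lines, configs):
    """Return one hit per log line whose destination matches a C2 indicator."""
    by_endpoint, by_url = c2_indicators(configs)
    hits = []
    for n, line in enumerate(lines, 1):
        m = HTTP_RE.search(line)
        if m:
            u = urlsplit(m.group("url"))
            port = u.port or (443 if u.scheme == "https" else 80)
            fams = by_url.get((u.hostname, port, u.path))
            if fams:
                hits.append({"line": n, "families": sorted(fams),
                             "indicator": m.group("url")})
            continue
        m = CONN_RE.search(line)
        if m:
            key = (m.group("host"), int(m.group("port")))
            fams = by_endpoint.get(key)
            if fams:
                hits.append({"line": n, "families": sorted(fams),
                             "indicator": f"{key[0]}:{key[1]}"})
    return hits


if __name__ == "__main__":
    for hit in match_log_lines(SAMPLE_LOG, EXTRACTED_CONFIGS):
        print(hit)
```

Running the block flags lines 1 (RedLine, 176.113.115.145:4125) and 2 (Amadey, the full C2 URL). Line 4 hits the Amadey host but not the C2 path and is not flagged; in practice a host-only match on a known C2 address is still worth a look, which is why `c2_indicators` also records the HTTP C2's host:port.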
Targets

Target: 476dbf7cd98828c965c735f09307f2f8f27cc7ded5d51c9c4babe2c6d0b4b592 (the same file as under General above; size and hashes are identical)
RedLine
RedLine Stealer is an information stealer written in C#, first seen in early 2020. It collects browser-stored credentials, cookies and autofill data, cryptocurrency wallet files and basic system information and sends them to its C2; the signatures below are consistent with that behaviour.

- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system. Legitimate installers and inventory agents read these keys too, so this signature is a weak indicator on its own and is mainly useful in combination with the others.
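The "Adds Run key to start application" signature is the one of the behaviours above that is cheapest to detect on an endpoint, because a Run key write is a registry value set that Sysmon records as Event ID 13. The script below, as an added example and not the sandbox's own detection logic, parses Sysmon-style event XML and flags Run/RunOnce writes, rating a write whose command points into a user-writable location (AppData, Temp, ProgramData, Public) higher than one pointing into Program Files. The three events are constructed for illustration, including the file name and SID; the third one is a write to an Uninstall key and is included to show the caveat that Sysmon sees registry writes but not reads, so the "Checks installed software" behaviour (Uninstall key reads) needs registry object-access auditing or an ETW consumer rather than Sysmon registry events.

```python
"""Flag Run-key persistence in Sysmon Event ID 13 (RegistryEvent SetValue) XML.

Added example: the events in SYSMON_EVENTS are constructed; only the schema
namespace and the Sysmon field names (Image, TargetObject, Details) are real.
"""
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Autostart locations of interest (matched case-insensitively on the key path).
RUN_KEYS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")
# Directories an unprivileged user can write to; a Run entry pointing here is
# far more suspicious than one pointing into Program Files.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\",
                 "\\users\\public\\", "\\downloads\\")

# Constructed events: a stealer persisting from %TEMP%, a vendor tray app
# registered by an installer, and an Uninstall-key write (not persistence).
SYSMON_EVENTS = [
    r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>13</EventID></System>
  <EventData>
    <Data Name="EventType">SetValue</Data>
    <Data Name="Image">C:\Users\victim\AppData\Local\Temp\build.exe</Data>
    <Data Name="TargetObject">HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\build</Data>
    <Data Name="Details">C:\Users\victim\AppData\Local\Temp\build.exe</Data>
  </EventData>
</Event>""",
    r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>13</EventID></System>
  <EventData>
    <Data Name="EventType">SetValue</Data>
    <Data Name="Image">C:\Program Files\Vendor\setup.exe</Data>
    <Data Name="TargetObject">HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray</Data>
    <Data Name="Details">"C:\Program Files\Vendor\tray.exe"</Data>
  </EventData>
</Event>""",
    r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>13</EventID></System>
  <EventData>
    <Data Name="EventType">SetValue</Data>
    <Data Name="Image">C:\Program Files\Vendor\setup.exe</Data>
    <Data Name="TargetObject">HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VendorApp\DisplayName</Data>
    <Data Name="Details">Vendor App</Data>
  </EventData>
</Event>""",
]


def parse_sysmon_event(xml_text):
    """Return (event_id, {Data Name: text}) for one Sysmon event."""
    root = ET.fromstring(xml_text)
    event_id = int(root.find("e:System/e:EventID", NS).text)
    data = {d.get("Name"): (d.text or "")
            for d in root.findall("e:EventData/e:Data", NS)}
    return event_id, data


def detect_run_key_persistence(xml_events):
    """Return one finding per Run/RunOnce value written, with a severity."""
    findings = []
    for xml_text in xml_events:
        event_id, data = parse_sysmon_event(xml_text)
        if event_id != 13:                         # only registry SetValue events
            continue
        target = data.get("TargetObject", "")
        if not any(k in target.lower() for k in RUN_KEYS):
            continue                               # e.g. Uninstall key writes
        details = data.get("Details", "")
        severity = ("high" if any(p in details.lower() for p in USER_WRITABLE)
                    else "low")
        findings.append({
            "value": target.rsplit("\\", 1)[-1],   # the Run value name
            "command": details,
            "image": data.get("Image", ""),
            "severity": severity,
        })
    return findings


if __name__ == "__main__":
    for finding in detect_run_key_persistence(SYSMON_EVENTS):
        print(finding)
```

The first event is rated high (Run value written from and pointing into %TEMP%), the second low (an installer registering a Program Files binary), and the third is ignored because it is not an autostart location. A production rule would also compare the Details path against the writing Image and check whether the image is signed, neither of which a sandbox signature line tells you.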