General
- Target: b123f421707aafd292b8fdc4c44f4cac9ba862039106ad41dc61d0cd3858bba8
- Size: 843KB
- Sample: 230411-n5by9adh8z
- MD5: 67898682e72d3b36dd81950ebf2936d6
- SHA1: db024559d83067a8acd1f768d67de9b0ceece94f
- SHA256: b123f421707aafd292b8fdc4c44f4cac9ba862039106ad41dc61d0cd3858bba8
- SHA512: c62d57dc02ab779391b68c3b8120603e40649f8b1746d91bd2fc9104b022b82c5524babefceb3e3459746fee36bc598ca05b36e0992887b04f226e2a0075bfff
- SSDEEP: 24576:pybmudgzv2tRbr8iEHjDqEG+OVFuWF1k:cZgzOZr8LHjDq/
Static task: static1
Malware Config
Extracted: redline
- rosn
- 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
- nahui
- 176.113.115.145:4125
- auth_value: b9ed10946d21e28d58d0c72c535cde6f
Extracted: amadey
- 3.70
- 77.91.124.207/plays/chapter/index.php
Targets
- Target: b123f421707aafd292b8fdc4c44f4cac9ba862039106ad41dc61d0cd3858bba8
- Size: 843KB
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.