General
Target: eca961a89a117c8b695748235cae270233ac4fb0bd26d22bbb5bc8d73b389a3f
Size: 719KB
Sample: 230411-n9mljsea21
MD5: a9c88618f28123a521d7cb4cce3185ac
SHA1: ceea3671280b38866036b675a3b702b87be79fb0
SHA256: eca961a89a117c8b695748235cae270233ac4fb0bd26d22bbb5bc8d73b389a3f
SHA512: 8752d3a74d8a4fc54e71f27f77706ff6aa68d8de14e6c1b6c680d615f60d54792ee5713ad0416c7d6c89407b6dba8d731ca96d1fecb88a5dbaff70db66ce8cf0
SSDEEP: 12288:IMrIy909OnJxpT6/q2cMMQX5K+zzTUZS//zSxMV3jcPraxhhrXh:AyKIDpuim5KOe8ziMVjdhrXh
Static task: static1
Malware Config
Extracted: redline / rosn / 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline / diza / 185.161.248.90:4125
auth_value: 0d09b419c8bc967f91c68be4a17e92ee
Extracted: amadey / 3.70 / 77.91.124.207/plays/chapter/index.php
Targets
Target: eca961a89a117c8b695748235cae270233ac4fb0bd26d22bbb5bc8d73b389a3f
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.