General
- Target: 0d1edc7ca93cc0e8756b2106649277c767978bca4d8f6af130bb816c995cc96c
- Size: 980KB
- Sample: 230411-nb7h3adg3s
- MD5: 57cb6c875c2eb3b37a37101bfe72c0d6
- SHA1: 3a60b9c99a20ae65e75b051117b1be4dff1b5fa2
- SHA256: 0d1edc7ca93cc0e8756b2106649277c767978bca4d8f6af130bb816c995cc96c
- SHA512: b674c7b9cc1bed806c9fa011af45fababb7c75d24bcbb3e605851bb0cdd65280a3a4065201c12ae6ccd4c064bebe7fad9ce58366fbd346fb219a7d28f3d80205
- SSDEEP: 24576:FyUZsH3sdc284wSFhFOGMNyRr2RePzO1NNxAN74/ENrGW:gUZsH8S28KnFyycRePzwSWE

Static task: static1
Malware Config

Extracted: redline
- rosn
- 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted: amadey
- 3.70
- 77.91.124.207/plays/chapter/index.php

Extracted: redline
- nord
- 176.113.115.145:4125
- auth_value: ebb7d38cdbd7c83cf6363ef3feb3a530
Targets
- Target: 0d1edc7ca93cc0e8756b2106649277c767978bca4d8f6af130bb816c995cc96c
Signatures
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.