General
- Target: a5e82ece19aee78042c101076f3b2f871837d4dcbe7694f209d98384d0a9b560
- Size: 982KB
- Sample: 230411-ndntqsca77
- MD5: d82752a6ff22439c5b16aefb4bae7408
- SHA1: 2d2f87dd20cc4536d76280982b369e53c45f90a7
- SHA256: a5e82ece19aee78042c101076f3b2f871837d4dcbe7694f209d98384d0a9b560
- SHA512: c6964405f711a26f3103e7c38d54718f3ddc6a119cfa6d2815472c7707f97eda3acdaca1e1d2673e483ad169d417ae2608ae304da99d6063c4ff56ecab410bb0
- SSDEEP: 24576:oyCE2FXGvViF47zcHNmWMydfWKxtDOdGbF+CawdzoyC+CK0+j:vrzzSNEmfWa8GdreH+
Static task: static1
Malware Config
Extracted: redline
- Botnet: rosn
- C2: 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: amadey
- Version: 3.70
- C2: 77.91.124.207/plays/chapter/index.php
Extracted: redline
- Botnet: nord
- C2: 176.113.115.145:4125
- auth_value: ebb7d38cdbd7c83cf6363ef3feb3a530
Targets
- Target: a5e82ece19aee78042c101076f3b2f871837d4dcbe7694f209d98384d0a9b560
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.