General
Target: a419f385a4786da3f08b1bb3d90cafc3e958c683fc60458d20907a50ff2af909
Size: 1.5MB
Sample: 230414-fvn7tshg2v
MD5: 8988dee6bcda14bb43b19fe1df8578dd
SHA1: f764aa93a5fb880d59a9977f0e0abbc5ef6ea546
SHA256: a419f385a4786da3f08b1bb3d90cafc3e958c683fc60458d20907a50ff2af909
SHA512: 6cf30d7d05c9efef8aa3b3b6896817f42750bd3be080d10f66d12295b5c8f66e43024c672707537853986ae7cb8b4582b29e13d698f834c4b47d205457550cb8
SSDEEP: 24576:Nyw8YE7nPGYc+o3y6aGIfUm3J13szv8aHRpDh2tdz4im4dXkegYgBj6Pd6UE6DeB:oRYEPkna7BnCxpdSayXke6jJUEoe
Static task: static1
Malware Config
Extracted: redline
  Botnet: lada
  C2: 185.161.248.90:4125
  auth_value: 0b3678897547fedafe314eda5a2015ba
Extracted: amadey
  Version: 3.70
  C2: 193.201.9.43/plays/chapter/index.php
Extracted: redline
  Botnet: masi
  C2: 185.161.248.90:4125
  auth_value: 6e26457e57602c4cf35356c36d8dd8e8
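The two RedLine configs share one C2 endpoint and differ only in botnet name and auth_value, while the Amadey config carries a host plus URL path with no scheme or port. The script below is an added example (not output of the sandbox, and not the sandbox's own extractor) that normalizes those three configs into deduplicated network IOCs and Suricata-style rules. Assumptions are marked in comments: the Amadey endpoint is treated as HTTP on port 80 because the report shows neither, the rule SIDs starting at 9000001 and the message strings are arbitrary, and RedLine's bare host:port gets a flow-level TCP rule because that family talks to its C2 over a .NET net.tcp channel rather than HTTP.

```python
"""Normalize the extracted RedLine / Amadey configs from this report into
network IOCs and Suricata-style rules.

Added example, not output of the sandbox. The config values are the ones
shown in the report; rule SIDs (9000001+) and message text are arbitrary.
"""
import ipaddress
from urllib.parse import urlsplit

# Extracted configs exactly as listed in the report.
EXTRACTED_CONFIGS = [
    {"family": "redline", "botnet": "lada", "c2": "185.161.248.90:4125",
     "auth_value": "0b3678897547fedafe314eda5a2015ba"},
    {"family": "amadey", "version": "3.70",
     "c2": "193.201.9.43/plays/chapter/index.php"},
    {"family": "redline", "botnet": "masi", "c2": "185.161.248.90:4125",
     "auth_value": "6e26457e57602c4cf35356c36d8dd8e8"},
]


def parse_c2(c2: str) -> dict:
    """Split a C2 string into host, port and optional HTTP path.

    A value containing "/" is a host+path (Amadey style); the report shows no
    scheme or port, so HTTP on 80 is an assumption. Anything else is host:port
    (RedLine style, a raw TCP endpoint).
    """
    if "/" in c2:
        parts = urlsplit("http://" + c2)
        host, port, path = parts.hostname, parts.port or 80, parts.path
    else:
        host, _, port_str = c2.partition(":")
        port, path = int(port_str), None
    try:
        ipaddress.ip_address(host)
        kind = "ip"
    except ValueError:
        kind = "domain"
    return {"host": host, "kind": kind, "port": port, "path": path}


def build_iocs(configs=EXTRACTED_CONFIGS) -> list:
    """Deduplicate endpoints across configs, keeping every family and
    auth_value seen for each one (both RedLine configs share a C2)."""
    seen = {}
    for cfg in configs:
        ep = parse_c2(cfg["c2"])
        key = (ep["host"], ep["port"], ep["path"])
        entry = seen.setdefault(key, {**ep, "families": set(), "auth_values": set()})
        entry["families"].add(cfg["family"])
        if "auth_value" in cfg:
            entry["auth_values"].add(cfg["auth_value"])
    return list(seen.values())


def suricata_rules(iocs, base_sid=9000001) -> list:
    """One rule per endpoint: a TCP flow rule for the socket C2, an HTTP rule
    pinning host and URI for the check-in path."""
    rules = []
    for i, ioc in enumerate(iocs):
        fams = "/".join(sorted(ioc["families"]))
        sid = base_sid + i
        if ioc["path"]:
            rules.append(
                f'alert http $HOME_NET any -> {ioc["host"]} {ioc["port"]} '
                f'(msg:"{fams} C2 check-in"; flow:established,to_server; '
                f'http.host; content:"{ioc["host"]}"; '
                f'http.uri; content:"{ioc["path"]}"; '
                f'classtype:trojan-activity; sid:{sid}; rev:1;)'
            )
        else:
            rules.append(
                f'alert tcp $HOME_NET any -> {ioc["host"]} {ioc["port"]} '
                f'(msg:"{fams} C2 connection"; flow:to_server; '
                f'classtype:trojan-activity; sid:{sid}; rev:1;)'
            )
    return rules


if __name__ == "__main__":
    iocs = build_iocs()
    for ioc in iocs:
        print(ioc)
    print("\n".join(suricata_rules(iocs)))
```

The auth_value strings are kept with the endpoint rather than turned into rules: they are per-build identifiers that travel inside the RedLine session, not something a flow-level rule can match, but they are useful for clustering other samples that report to the same host.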
Targets
Target: a419f385a4786da3f08b1bb3d90cafc3e958c683fc60458d20907a50ff2af909
Size: 1.5MB
MD5: 8988dee6bcda14bb43b19fe1df8578dd
SHA1: f764aa93a5fb880d59a9977f0e0abbc5ef6ea546
SHA256: a419f385a4786da3f08b1bb3d90cafc3e958c683fc60458d20907a50ff2af909
SHA512: 6cf30d7d05c9efef8aa3b3b6896817f42750bd3be080d10f66d12295b5c8f66e43024c672707537853986ae7cb8b4582b29e13d698f834c4b47d205457550cb8
SSDEEP: 24576:Nyw8YE7nPGYc+o3y6aGIfUm3J13szv8aHRpDh2tdz4im4dXkegYgBj6Pd6UE6DeB:oRYEPkna7BnCxpdSayXke6jJUEoe
RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
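The last two signatures are both registry behaviours, but they need different telemetry: a Run-key write is a value set (Sysmon Event ID 13 records it), whereas looking up Uninstall entries is a read/enumerate operation that Sysmon's registry events (12, 13, 14) do not log, so it shows up only in an API-level trace such as the sandbox's own or an ETW registry provider. The classifier below is an added example, not the sandbox's signature logic, and runs over a constructed trace in an invented record shape (pid, op, key, value, data) chosen to resemble an API log; the GUID subkey, file path and value names in the trace are made up.

```python
"""Classify registry activity into the two signatures from the report:
a value written under a Run key (persistence) and lookups under the
Uninstall key (installed-software discovery).

Added example, not the sandbox's own signature code. The trace records are
constructed; their field names are an assumption about the log format.
"""
import re

# Autostart locations counted as Run-key persistence. HKCU and HKLM both
# qualify; Wow6432Node covers 32-bit processes on 64-bit Windows.
RUN_KEY_RE = re.compile(
    r"^(HKEY_CURRENT_USER|HKEY_LOCAL_MACHINE|HKCU|HKLM)\\"
    r"SOFTWARE\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Run(Once)?$",
    re.IGNORECASE,
)
# The Uninstall key itself or any direct subkey (one per installed product).
UNINSTALL_KEY_RE = re.compile(
    r"^(HKEY_CURRENT_USER|HKEY_LOCAL_MACHINE|HKCU|HKLM)\\"
    r"SOFTWARE\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(\\[^\\]+)?$",
    re.IGNORECASE,
)

# Constructed trace: one process doing both things, plus benign noise.
SAMPLE_TRACE = [
    {"pid": 4120, "op": "RegSetValue",
     "key": r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "value": "Updater", "data": r"C:\Users\user\AppData\Local\Temp\svc.exe"},
    {"pid": 4120, "op": "RegOpenKey",
     "key": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"pid": 4120, "op": "RegEnumKey",
     "key": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"pid": 4120, "op": "RegQueryValue",
     "key": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
            r"\{0E3AD2B6-8F4C-4E6B-9B1F-2D5F7A1C0E11}",
     "value": "DisplayName"},
    # Reading a Run value is not persistence, and a write elsewhere under
    # CurrentVersion must not match the Run-key pattern.
    {"pid": 1234, "op": "RegQueryValue",
     "key": r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "value": "OneDrive"},
    {"pid": 1234, "op": "RegSetValue",
     "key": r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced",
     "value": "Hidden", "data": "1"},
]


def classify(trace):
    """Per-PID findings: Run-key (value, data) writes and a count of
    enumerate/query operations under the Uninstall key. A bare RegOpenKey is
    ignored; the signature is about looking up entries, not touching the key."""
    findings = {}
    for ev in trace:
        f = findings.setdefault(ev["pid"], {"run_key_writes": [], "uninstall_lookups": 0})
        if ev["op"] == "RegSetValue" and RUN_KEY_RE.match(ev["key"]):
            f["run_key_writes"].append((ev["value"], ev.get("data")))
        elif ev["op"] in ("RegEnumKey", "RegQueryValue") and UNINSTALL_KEY_RE.match(ev["key"]):
            f["uninstall_lookups"] += 1
    return findings


def signatures(findings):
    """Map findings onto the report's signature names, keyed by PID; PIDs with
    no hit are omitted."""
    out = {}
    for pid, f in findings.items():
        hits = []
        if f["run_key_writes"]:
            hits.append("Adds Run key to start application")
        if f["uninstall_lookups"]:
            hits.append("Checks installed software on the system")
        if hits:
            out[pid] = hits
    return out


if __name__ == "__main__":
    for pid, hits in signatures(classify(SAMPLE_TRACE)).items():
        print(pid, hits)
```

The Run-key write carries the dropped-file path in its data, which ties this signature to the earlier "Executes dropped EXE": the persisted binary is typically the payload written to a temp or AppData path rather than the original sample.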