General
Target: 721a145501c508787ce05f8af321fdccf9b6f4ed0763fb82377b40ae09a01913
Size: 800KB
Sample: 230616-1qxcvsgh25
MD5: ed01eff77ebce696f697641958a0bb0e
SHA1: ba3b0056b30f7e263906259eb9fe576038637ce5
SHA256: 721a145501c508787ce05f8af321fdccf9b6f4ed0763fb82377b40ae09a01913
SHA512: 97e806cc7270b19251859afb0318094f74d28f91e7331f1d4ef5a6358455ed347804b5bd6612ee3842186e728daaa019dea1229dff408610eeb7942b89db4526
SSDEEP: 12288:NMr4y909AVJfNjVXb9SZIpN3pbVdvmI5rwX99ENy7CaIzs8qHjfRb/8bxmY7DRYw:9ywAVpQZ8GIy7cs8ujmP79Y8b3Xk+
Static task: static1

Malware Config
Extracted: redline
  grega
  83.97.73.130:19061
  auth_value: 16e2fbc2847b2270b3f0679e2dd76c8d
Extracted: redline
  medo
  83.97.73.130:19061
  auth_value: f42b958077ee5abcccfea8daf5e27d13
Extracted: amadey
  3.84
  77.91.68.63/doma/net/index.php
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.