General
Target: 44f5e426cc330477d26f90af0f6ed09c2642e261dc22e81afd823215cfe7a907
Size: 735KB
Sample: 230616-ney14aef92
MD5: c3137c5247443f3988b8c13a5807c8a2
SHA1: b8e69de671b734496862f7bb5df254f019181890
SHA256: 44f5e426cc330477d26f90af0f6ed09c2642e261dc22e81afd823215cfe7a907
SHA512: 1c9f520044c138d76ac9900fb0236e6076b679a5258112d329b8aea7b680ce9abec1bb4aa1baff11f5e6af5b73ced0a2519cd580faae43363ce78f499d7edb7c
SSDEEP: 12288:AMrmy90z9mlK/i7vAczg3OnJhGnNWpK67SgRpLWq+mOMy5:WyOB7OnJhlpKepCTms5
Static task: static1
Malware Config
Extracted:
- Family: redline
- Botnet: dana
- C2: 83.97.73.130:19061
- auth_value: da2d1691db653e49676d799e1eae2673
Extracted:
- Family: amadey
- Version: 3.84
- C2: 77.91.68.63/doma/net/index.php
Extracted:
- Family: redline
- Botnet: joker
- C2: 83.97.73.130:19061
- auth_value: a98d303cc28bb3b32a23c59214ae3bc0
Targets
Target: 44f5e426cc330477d26f90af0f6ed09c2642e261dc22e81afd823215cfe7a907 (size and hashes as listed under General above)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.