General

Target: DanaBotV3.exe
Size: 313KB
Sample: 240208-elvsksba5z
MD5: ff50007cd2d26302a69a3d9e3d409d8d
SHA1: 58453f753f43c209cfd6c1388cb29d686b602fe3
SHA256: 0328bce00451a889effe1a2d28c26d82f272087d41a243c32faf9730b5390d70
SHA512: 4c29659dad40cfd65aadc744b13fa334bf36956e81e254a447d903801171b8808dd727b498db065749ed5d6ebd554c02cf9b022a5134e0cd251eb4d4c5038977
SSDEEP: 3072:lA0SOzKRp+c9og2LsbfbujzJ8KuJnSntaN7sx1O/VpeIbMRqfjDv/YEeqiOL2bBP:JkR59QLsbfS5Xt0Ix1O3pMRqfjD4qL
Malware Config

Extracted family: redline
Botnet ID: tg
C2: 79.137.203.183:36235
Targets

Target: DanaBotV3.exe (313KB; MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to the values listed under General above)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020. Although the file is named DanaBotV3.exe, the extracted configuration and the signatures below identify this sample as RedLine Stealer, not DanaBot; the filename is attacker-chosen and should not drive triage.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up entries under the registry Uninstall keys (...\Microsoft\Windows\CurrentVersion\Uninstall, including the per-user and WOW6432Node variants) to enumerate software installed on the host.
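The last signature above describes the behaviour only at the level of "reads Uninstall key entries". The following is an added detection example; it is not part of the Triage report and not the sample's own code. It parses a constructed Procmon-style CSV export (the rows, process names, PIDs and product entries are made up for illustration) and flags any process that reads values under a configurable number of distinct Uninstall subkeys, which separates a one-off lookup of a single product (what an installer does) from the inventory walk that a stealer performs.

```python
import csv
import io
import re
from collections import defaultdict

# Matches a read of a per-product subkey under an Uninstall key in HKLM, HKCU
# or HKU\<SID>, with or without the WOW6432Node redirection, and captures the
# product subkey name. The Uninstall key itself (no subkey) does not match.
UNINSTALL_RE = re.compile(
    r"^(?:HKLM|HKCU|HKU\\[^\\]+)\\SOFTWARE\\(?:WOW6432Node\\)?"
    r"Microsoft\\Windows\\CurrentVersion\\Uninstall\\([^\\]+)",
    re.IGNORECASE,
)

# Constructed Procmon-style CSV export. These rows are invented to show the
# pattern; they are not a capture from the sample described on this page.
SAMPLE_LOG = r"""Time of Day,Process Name,PID,Operation,Path,Result
10:01:02.0011,DanaBotV3.exe,4120,RegOpenKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,SUCCESS
10:01:02.0012,DanaBotV3.exe,4120,RegEnumKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,SUCCESS
10:01:02.0013,DanaBotV3.exe,4120,RegQueryValue,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName,SUCCESS
10:01:02.0014,DanaBotV3.exe,4120,RegQueryValue,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName,SUCCESS
10:01:02.0015,DanaBotV3.exe,4120,RegQueryValue,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\DisplayName,SUCCESS
10:01:02.0016,DanaBotV3.exe,4120,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 122.0 (x64 en-US)\DisplayName,SUCCESS
10:01:02.0017,DanaBotV3.exe,4120,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++\DisplayVersion,SUCCESS
10:01:02.0018,DanaBotV3.exe,4120,RegQueryValue,HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Discord\DisplayName,SUCCESS
10:01:05.2201,msiexec.exe,2210,RegQueryValue,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\InstallLocation,SUCCESS
10:01:06.0001,explorer.exe,1332,RegQueryValue,HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive,SUCCESS
"""


def uninstall_subkey(path: str):
    """Return the product subkey name if `path` is under an Uninstall key, else None."""
    m = UNINSTALL_RE.match(path)
    return m.group(1) if m else None


def find_uninstall_enumerators(csv_text: str, min_subkeys: int = 3):
    """Group registry operations by (process name, PID) and return those that
    touched at least `min_subkeys` distinct Uninstall subkeys.

    A single product lookup (an installer checking its own entry) stays below
    the threshold; walking the whole list, as the signature describes, does not.
    """
    seen = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if not row["Operation"].startswith("Reg"):
            continue
        sub = uninstall_subkey(row["Path"])
        if sub is not None:
            seen[(row["Process Name"], row["PID"])].add(sub)
    return {
        proc: sorted(subs)
        for proc, subs in seen.items()
        if len(subs) >= min_subkeys
    }


if __name__ == "__main__":
    for (name, pid), subs in find_uninstall_enumerators(SAMPLE_LOG).items():
        print(f"{name} (PID {pid}) enumerated {len(subs)} installed products: {subs}")
```

The threshold is the tuning knob: software-inventory agents and update tools legitimately walk the same keys, so in production this rule is paired with a process allowlist or with the other signatures above (wallet file access, outbound connection to the extracted C2) rather than used alone.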