General
Target: pegieigh.rar
Size: 5.1MB
Sample: 240222-qmmddaad57
MD5: aba0d23b40dba70fbf3b3643085d8a25
SHA1: 54fe7450d6eb062f845a25a2c87ed0cde3999ae2
SHA256: 87cc10a52a2125a4a1166cd4b5ac9697cbb2ba7cb795b8883fe0b57a516829b9
SHA512: a413687606ea42c69958ec61ef400ee9bfa151e8285854e7ead326e1aeff485c4f7fdbeb87e0f00fb855f1a5d74aeb00343db873a4736bfd4fbdb0b891709be2
SSDEEP: 98304:MYBS/cyqzqBwZJ2GE+KSuvcolFSgmFmGnaJZy6uVhIfjfF:MYBgsqfS/20FmOaJmVgbF
Static task: static1
Malware Config
Extracted: redline
C2: 45.15.156.142:33597
Extracted: lumma
C2 URLs:
https://assumptionflattyou.shop/api
https://technologyenterdo.shop/api
https://detectordiscusser.shop/api
https://turkeyunlikelyofw.shop/api
https://associationokeo.shop/api
Targets
Target: pegieigh.rar (5.1MB; hashes as listed under General above)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.