General
Target: 797cd8fc8d79347b8bcd37e4d3da854f81e02dbe2dc7c44e52afe9076ef43ae5
Size: 1.3MB
Sample: 230224-l52tkach2x
MD5: 9760f75761d6eeedd9e5fe0366741a76
SHA1: eb5c2ddc83b31a1ce420e52a71f05446660242a6
SHA256: 797cd8fc8d79347b8bcd37e4d3da854f81e02dbe2dc7c44e52afe9076ef43ae5
SHA512: 74060161db8b592ac80acd48f36b3260cb8d15240bb0d283adc49333a701ac3dc5d0626d802b562c6b770275b73cfcc68e0c7edde7bf78981223834fe2f08f6c
SSDEEP: 24576:7yRmwmpt6jzLqjrazvht/+XcnU1JwMYbtyuWxAOR5OgIswXSImHa:uUzp0LqjrOvKRDJ2OLOjswUH
Static task: static1
Malware Config
Extracted
Family: redline
Botnet: ronur
C2: 193.233.20.20:4134
auth_value: f88f86755a528d4b25f6f3628c460965
Extracted
Family: redline
Botnet: funka
C2: 193.233.20.20:4134
auth_value: cdb395608d7ec633dce3d2f0c7fb0741
Extracted
Family: amadey
Version: 3.67
C2: 193.233.20.15/dF30Hn4m/index.php
Targets
Target: 797cd8fc8d79347b8bcd37e4d3da854f81e02dbe2dc7c44e52afe9076ef43ae5
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.