General
Target: 100c6f5ff43129f8838775ea9db7d645f58b42ba53f6d38addc0b7e12e971c71
Size: 1.1MB
Sample: 230225-ayawqabe44
MD5: f7fcc9ecea4df8acc286dd80d8b62c51
SHA1: 9d580dc7e0896e138884cf901b1ecc59bf4c830e
SHA256: 100c6f5ff43129f8838775ea9db7d645f58b42ba53f6d38addc0b7e12e971c71
SHA512: 1b5688f570aca5d70bb2821376dcb18d2dd11722e6fbad41f0536996f81229d5b9ff6e9f7bd77c2537eeec04901183ff0b7ae18312668d181057b27f799d4767
SSDEEP: 24576:Ey7VPpJ7JzXNQR9mUh8ZSMCp7CxFAp63zCQg9fTUTfF4DiAm4+0z+t:T7V37pNWz+7C4xVGB9LMfFS
Static task: static1
Malware Config
Extracted: redline
Botnet: rodik
C2: 193.233.20.23:4124
auth_value: 59b6e22e7cfd9b5fa0c99d1942f7c85d

Extracted: amadey
Version: 3.67
C2: 193.233.20.15/dF30Hn4m/index.php

Extracted: amadey
Version: 3.66
C2: 62.204.41.88/9vdVVVjsw/index.php

Extracted: aurora
C2: 212.87.204.93:8081
Targets
Target: 100c6f5ff43129f8838775ea9db7d645f58b42ba53f6d38addc0b7e12e971c71
Size: 1.1MB
MD5: f7fcc9ecea4df8acc286dd80d8b62c51
SHA1: 9d580dc7e0896e138884cf901b1ecc59bf4c830e
SHA256: 100c6f5ff43129f8838775ea9db7d645f58b42ba53f6d38addc0b7e12e971c71
SHA512: 1b5688f570aca5d70bb2821376dcb18d2dd11722e6fbad41f0536996f81229d5b9ff6e9f7bd77c2537eeec04901183ff0b7ae18312668d181057b27f799d4767
SSDEEP: 24576:Ey7VPpJ7JzXNQR9mUh8ZSMCp7CxFAp63zCQg9fTUTfF4DiAm4+0z+t:T7V37pNWz+7C4xVGB9LMfFS
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload
Downloads MZ/PE file
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.