General
Target: bde09d820e64ea4b8c16a62ee4e214dec4bbdb96c1a2f0531a5dece0786d68f4
Size: 1.4MB
Sample: 230301-be6dysde4z
MD5: e8c63a4cfc7baf116c81df05da57d799
SHA1: 8575fa36616f02721812d06cba6bda3cf0dd756b
SHA256: bde09d820e64ea4b8c16a62ee4e214dec4bbdb96c1a2f0531a5dece0786d68f4
SHA512: 665d9cc5c47bf2cf363700f83a5171723d18e6ddaae0b1b75c96f45751a84ca032580f8dda62b8d255e0e3afedf1ae24df0afc36d1439e2d7c2ca62c846b2307
SSDEEP: 24576:ZybIjNVo4wjeG+zuDKrMFtYPc70RZ6GzBoCtYYo28juYi/a6Gudxp6X:M6i4E8prnC0P+riSVud
Static task: static1

Malware Config
Extracted (redline, botnet "rumfa")
C2: 193.233.20.24:4123
auth_value: 749d02a6b4ef1fa2ad908e44ec2296dc

Extracted (amadey, version 3.67)
C2: 193.233.20.14/BR54nmB3/index.php

Extracted (redline, botnet "forma")
C2: 193.233.20.24:4123
auth_value: 50b8e065d7cb1e9e30786f7a370368f9
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.