General
Target: b6c2f70c9ac218b577a17424f099a795a7643db38d2169d457bd9be9e44b21af
Size: 689KB
Sample: 230318-dglhnsda6w
MD5: 1122f093d1776ebd658ad6bd0d1f51ee
SHA1: b3eed4b651a58faac915d94d17700b5eec058d2a
SHA256: b6c2f70c9ac218b577a17424f099a795a7643db38d2169d457bd9be9e44b21af
SHA512: 7c3e85c27eef88fd04cf93f3e7e5cdc52649b09712b06671cc7ece3dd6484f520c59b9ebbb986d5834e9475f639383bc420ee129cbcc7c8e2df1e2311d983d6d
SSDEEP: 12288:TMrvy90dKw2n9OzOAzucaUm1QSZT1IK3tcLHTv5yNuf3lhDZMU:QyNnkz3HaUm1btcf5yuflh3
Static task: static1
Behavioral task: behavioral1
Sample: b6c2f70c9ac218b577a17424f099a795a7643db38d2169d457bd9be9e44b21af.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
Botnet: lint
C2: 193.233.20.28:4125
auth_value: 0e95262fb78243c67430f3148303e5b7
Extracted: amadey
Version: 3.68
C2: 62.204.41.87/joomla/index.php
Targets
Target: b6c2f70c9ac218b577a17424f099a795a7643db38d2169d457bd9be9e44b21af (689KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: looks up the country code configured in the registry, most likely a geofence check that decides whether the sample runs on this host.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the host.
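The behavioural signatures above (registry country-code lookup, Uninstall-key enumeration, Run-key persistence) together with the two C2 endpoints in the Malware Config section can be turned directly into detection logic. The Python below is an added example, not code from the sandbox report or from either malware family: the events it scans are a constructed sandbox-style trace written for this illustration (the record schema, the image paths, the dropped-file names dropped1.exe/dropped2.exe and the benign explorer.exe activity are all assumptions), the registry paths are the standard Windows locations the signatures describe, and the IP, port and URL indicators are copied from the extracted configs.

```python
"""Detection logic for the registry behaviours and C2 indicators in this report.

Added example, not code from the sandbox report or from either malware family.
The event records below are a constructed, sandbox-style trace written for this
illustration; the record schema, image paths and the dropped-file names
(dropped1.exe, dropped2.exe) are assumptions. The C2 indicators are copied from
the Malware Config section; the registry paths are the standard Windows
locations the behavioural signatures describe.
"""
import re
from typing import Dict, List, Optional

# Indicators from the extracted configs above.
REDLINE_C2 = ("193.233.20.28", 4125)          # RedLine, botnet "lint"
AMADEY_C2_HOST = "62.204.41.87"               # Amadey 3.68
AMADEY_C2_PATH = "/joomla/index.php"

# Registry locations behind the report's signatures: (label, pattern).
# Matching is case-insensitive because registry paths are.
REGISTRY_RULES = [
    # "Checks computer location settings": the configured country code.
    ("geofence_check",
     re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)),
    # "Checks installed software on the system": Uninstall key enumeration.
    ("software_enumeration",
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)),
    # "Adds Run key to start application": a value written under Run/RunOnce.
    ("run_key_persistence",
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?(\\|$)", re.I)),
]


def classify_registry(event_type: str, target: str) -> Optional[str]:
    """Map one registry event (operation + key/value path) to a signature label.

    Run-key persistence only counts when the operation is a write
    (RegSetValue); merely opening or reading the Run key is common in benign
    software and would otherwise produce noise.
    """
    for label, pattern in REGISTRY_RULES:
        if pattern.search(target):
            if label == "run_key_persistence" and event_type != "RegSetValue":
                return None
            return label
    return None


def classify_network(dst_ip: str, dst_port: int, url: str = "") -> Optional[str]:
    """Match a connection (plus its HTTP request path, if any) to a known C2.

    RedLine talks to a raw TCP endpoint, so IP and port must both match.
    Amadey checks in over HTTP, so host and request path must match; the port
    is deliberately not part of the rule.
    """
    if (dst_ip, dst_port) == REDLINE_C2:
        return "redline_c2"
    if dst_ip == AMADEY_C2_HOST and url.startswith(AMADEY_C2_PATH):
        return "amadey_c2"
    return None


def scan(events: List[Dict]) -> Dict[str, List[str]]:
    """Run both classifiers over a trace and group the hits by process image."""
    hits: Dict[str, List[str]] = {}
    for ev in events:
        if ev["kind"] == "registry":
            label = classify_registry(ev["op"], ev["target"])
        else:
            label = classify_network(ev["dst_ip"], ev["dst_port"], ev.get("url", ""))
        if label:
            hits.setdefault(ev["image"], []).append(label)
    return hits


# Constructed trace: two dropped executables plus benign explorer.exe activity
# (the benign destination address is made up for the example).
DROPPED1 = r"C:\Users\Admin\AppData\Local\Temp\dropped1.exe"
DROPPED2 = r"C:\Users\Admin\AppData\Local\Temp\dropped2.exe"
SAMPLE_EVENTS = [
    {"kind": "registry", "image": DROPPED1, "op": "RegQueryValue",
     "target": r"HKCU\Control Panel\International\Geo\Nation"},
    {"kind": "registry", "image": DROPPED1, "op": "RegEnumKey",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"kind": "registry", "image": DROPPED2, "op": "RegOpenKey",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"},
    {"kind": "registry", "image": DROPPED2, "op": "RegSetValue",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater"},
    {"kind": "network", "image": DROPPED1, "dst_ip": "193.233.20.28", "dst_port": 4125},
    {"kind": "network", "image": DROPPED2, "dst_ip": "62.204.41.87", "dst_port": 80,
     "url": "/joomla/index.php"},
    {"kind": "network", "image": r"C:\Windows\explorer.exe",
     "dst_ip": "20.190.160.5", "dst_port": 443},
    {"kind": "registry", "image": r"C:\Windows\explorer.exe", "op": "RegQueryValue",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden"},
]

if __name__ == "__main__":
    for image, labels in scan(SAMPLE_EVENTS).items():
        print(image, "->", ", ".join(labels))
```

Running the script reports dropped1.exe for the geofence lookup, the Uninstall enumeration and the RedLine C2 connection, and dropped2.exe for the Run-key write and the Amadey check-in; explorer.exe produces no hit, and the RegOpenKey on the Run key is ignored on purpose so that only an actual write counts as persistence.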