General
- Target: 117536d5683384e9b2b665039957b39e6147416df4b1cd48604c382ecf668c9a
- Size: 689KB
- Sample: 230318-echrnabb46
- MD5: 5868e569a26f43ee2f0b8c5606834c5d
- SHA1: 550df95d81d7a10ed4e4e2debec3c42179e43875
- SHA256: 117536d5683384e9b2b665039957b39e6147416df4b1cd48604c382ecf668c9a
- SHA512: 0d4717232cf05adcb50a601efccea5846e9287c474346500d62e88be7ae40b99eb72620766db6b2509e88a1bc2cf4f51e067d13b6139d652a4609d1228a8e0e1
- SSDEEP: 12288:pMrqy90uyypLmAF1butPuDmjlRJAgZCoMFitmWAvO+SoNBLy/0IcDm0fM:jyPyypLbbutlTfZ2Fi5AvIoN9207m0fM
- Static task: static1
Malware Config
Extracted
- Family: redline
- Botnet: lint
- C2: 193.233.20.28:4125
- Attributes: auth_value 0e95262fb78243c67430f3148303e5b7
Extracted
- Family: amadey
- Version: 3.68
- C2: 62.204.41.87/joomla/index.php
Extracted
- Family: redline
- Botnet: Redline
- C2: 85.31.54.181:43728
- Attributes: auth_value 1666a0a46296c430de7ba5e70bd0c0f3
Targets
- Target: 117536d5683384e9b2b665039957b39e6147416df4b1cd48604c382ecf668c9a
- Size: 689KB
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.