General

Target: 955653c3ccb3a7de9c564491a3d8ea479edcc8f75e2a6768d4e05d771d7f238d
Size: 690KB
Sample: 230318-he9vpsde8z
MD5: 01f311339a49c65606fe5622d34ceec7
SHA1: de1032b4a7e6fa977677ebabd2436dc71d30a923
SHA256: 955653c3ccb3a7de9c564491a3d8ea479edcc8f75e2a6768d4e05d771d7f238d
SHA512: 9550b76881345002f533e69e909961bb662f8ebab65d2b58b619c3b343b670d38e364e95eef7ec3203a1493d071f890aa895ac24e15b1b06d19fe2b06ecdba23
SSDEEP: 12288:eMrny901WarA5BwmtViMlpbeQ8XdmXFIakR0odOD26AqR8S4+qbGxp/CMl1L:9y4UwGVFHZ1hg0G6AqR8oqbaUMnL

Static task: static1
Malware Config

Extracted: redline
lint
193.233.20.28:4125
auth_value: 0e95262fb78243c67430f3148303e5b7

Extracted: amadey
3.68
62.204.41.87/joomla/index.php

Extracted: redline
Redline
85.31.54.181:43728
auth_value: 1666a0a46296c430de7ba5e70bd0c0f3
Targets
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Downloads MZ/PE file
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.