General
Target: 9b0de7000147cda00dc50b87efd2e61d88ff92d4e4b07774b377f8291bc63e18
Size: 961KB
Sample: 230320-1qcnfsfe63
MD5: d6e8db9623336362782eff915f4b1012
SHA1: 64053f3528f6255db6da7585d78fe56751d8d799
SHA256: 9b0de7000147cda00dc50b87efd2e61d88ff92d4e4b07774b377f8291bc63e18
SHA512: 8ece79c97b6cc40367f2f5ceab21383bd67d77038c8c204a5b572e76536f74c672c176a95730b81c0f6b41497739b86c3a0c4fa136ae6d79eee554cba448694f
SSDEEP: 24576:+yoCO97wlSxlXkN3wFS/gvuwRxINY81jgTf2:NK97wlq6adLx4R1U
Static task: static1

Malware Config
Extracted: redline
  gena
  193.233.20.30:4125
  auth_value: 93c20961cb6b06b2d5781c212db6201e
Extracted: redline
  vint
  193.233.20.30:4125
  auth_value: fb8811912f8370b3d23bffda092d88d0
Extracted: amadey
  3.68
  62.204.41.87/joomla/index.php
Targets
Target: 9b0de7000147cda00dc50b87efd2e61d88ff92d4e4b07774b377f8291bc63e18
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.