General

Target: 6e02d5be63be273b204cdb0ad7acf934d5a221f33fad0adba384b096140cf841
Size: 1002KB
Sample: 230320-c38pnabd96
MD5: 54e6d9b88058c55210955a297445348a
SHA1: 4080584417ca41043f1e3f4894828402f9f8bcfb
SHA256: 6e02d5be63be273b204cdb0ad7acf934d5a221f33fad0adba384b096140cf841
SHA512: 38c5c3f7b28ccaf1ad6b1ea31ea64421286a7e0c33b23f489c494340a8f57ae60b3b7a91cafb156d507d17e4a8cdfcb7799671dadd5a667822637200569d858f
SSDEEP: 24576:qyyOQwnM0kyUruLmLEW/akDOD1FfTUg0kzTustP:x6wM0klAmyk61x7Tt
Static task: static1

Malware Config

Extracted: redline
gena
193.233.20.30:4125
auth_value: 93c20961cb6b06b2d5781c212db6201e

Extracted: redline
vint
193.233.20.30:4125
auth_value: fb8811912f8370b3d23bffda092d88d0

Extracted: amadey
3.68
62.204.41.87/joomla/index.php
Targets

Target: 6e02d5be63be273b204cdb0ad7acf934d5a221f33fad0adba384b096140cf841
Size: 1002KB
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.