General
- Target: e97a11f95fb4f35994b0438764bc11db6232506fc7231ed55af2cf1f93236dcd
- Size: 1004KB
- Sample: 230320-fv9tjaea4x
- MD5: 7e15ae0a28a3aee465a6809e9d0b210b
- SHA1: 54057c1c649220c8ee0c1af889873947eedf3a71
- SHA256: e97a11f95fb4f35994b0438764bc11db6232506fc7231ed55af2cf1f93236dcd
- SHA512: f2f192889ce82de76cd21bf1655741cd0a958531c25d266d9a6ac27645c7b5a719806a2c86875652f9ba6308f69c489b1f8b2815b84288e398ea328680c1e10f
- SSDEEP: 24576:QyKcFXmOYqgX8YJOZ/WJOAbXYUBnkzBQDrug6W:XKcAkgX8EO9+WI
Static task: static1

Malware Config
- Extracted: redline
  gena
  193.233.20.30:4125
  auth_value: 93c20961cb6b06b2d5781c212db6201e
- Extracted: redline
  vint
  193.233.20.30:4125
  auth_value: fb8811912f8370b3d23bffda092d88d0
- Extracted: amadey
  3.68
  62.204.41.87/joomla/index.php
Targets
- Target: e97a11f95fb4f35994b0438764bc11db6232506fc7231ed55af2cf1f93236dcd
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.