General

Target: 507e6c175b43ac24577032ea2eece8f63bc72874684a64b0be89fbd441e1bb63
Size: 961KB
Sample: 230320-lhnnescg54
MD5: c57782f9fe951a32bacb3279e721aee7
SHA1: 329e4713de92563936518590221e5e48a96d5921
SHA256: 507e6c175b43ac24577032ea2eece8f63bc72874684a64b0be89fbd441e1bb63
SHA512: a3125037eacefbd14ab624fc2776888f7d197d5b02beb17cdb4489f87ae9251e6eafb0d4b01c0324f67b0db44ba11fa1e0da183553b49333ec6192de47fe4aed
SSDEEP: 12288:ZMrFy90yZhGlpNAAHWsbA5nn4JP0x/MQYATdTtLWX5cWF0ms5s2XiJl3JDqksyhz:IyhhMf84OxUJARJO5cWrs5s2XiJbRhz
Static task: static1

Malware Config

Extracted: redline
gena
193.233.20.30:4125
auth_value: 93c20961cb6b06b2d5781c212db6201e

Extracted: redline
vint
193.233.20.30:4125
auth_value: fb8811912f8370b3d23bffda092d88d0

Extracted: amadey
3.68
62.204.41.87/joomla/index.php
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.