General
Target: 3d645890de22b1d1546d02e759b9781e298be7f09ffcf44227c72d2d09ff9242
Size: 1019KB
Sample: 230321-hctqpsha96
MD5: b9ee1a87e578d52dee32a6f0b6110548
SHA1: 9eab74d9a82460cef4302518dbe9e4cd0604a93b
SHA256: 3d645890de22b1d1546d02e759b9781e298be7f09ffcf44227c72d2d09ff9242
SHA512: c03fbef67ca0a3e1c861a4b9aaa65564c158b272a3ed4e7a33a05ed3fa4bc14cf0ab432d37dd86eb99f2829aea8b44ff7315dd0113fff326376f65f2bb344c9e
SSDEEP: 12288:mMr7y90e8+30yetDtsRhg2VmSkU/jKSZpt6INcEyfY9pa0te18VMIC:dyxf0yytW6W6AjKSzHxyapa04
Static task: static1
Malware Config
Extracted
Family: redline
Botnet: gena
C2: 193.233.20.30:4125
auth_value: 93c20961cb6b06b2d5781c212db6201e
Extracted
Family: redline
Botnet: vint
C2: 193.233.20.30:4125
auth_value: fb8811912f8370b3d23bffda092d88d0
Extracted
Family: amadey
Version: 3.68
C2: 62.204.41.87/joomla/index.php
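The extracted configs above are the actionable part of this report: one RedLine C2 shared by two botnet IDs (gena and vint) and one Amadey panel URL. The following is an added example, not part of the sandbox output, showing how to normalise those C2 strings into network IOCs and run them over connection and proxy logs. The C2 values and file hashes are copied from the report; the log lines, their key=value layout, and the internal/documentation IP addresses in them are constructed for the demonstration.

```python
"""Matchable IOCs from the extracted RedLine and Amadey configs above.

Added example for this report; it is not part of the sandbox output.
The C2 values and file hashes are copied from the report; the log lines
and their key=value layout are constructed for the demonstration.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Copied from the "Malware Config" section. Both RedLine configs (botnets
# gena and vint) share one C2, so a single network IOC covers them.
REDLINE_C2 = "193.233.20.30:4125"
AMADEY_C2 = "62.204.41.87/joomla/index.php"   # Amadey 3.68 panel URL, no scheme

# Copied from the "General" section (lower-case hex, as the report prints them).
SAMPLE_HASHES = {
    "md5": "b9ee1a87e578d52dee32a6f0b6110548",
    "sha1": "9eab74d9a82460cef4302518dbe9e4cd0604a93b",
    "sha256": "3d645890de22b1d1546d02e759b9781e298be7f09ffcf44227c72d2d09ff9242",
}


@dataclass(frozen=True)
class NetIOC:
    family: str
    ip: str
    port: Optional[int]    # None when the config carries no port (Amadey)
    path: Optional[str]    # URL path when the C2 is an HTTP panel


def parse_c2(family: str, value: str) -> NetIOC:
    """Normalise an 'ip:port' or 'ip/path' C2 string as found in config dumps."""
    parts = urlsplit("//" + value)             # leading // makes urlsplit treat the host as netloc
    ip = ipaddress.ip_address(parts.hostname)  # rejects hostnames and garbage with ValueError
    return NetIOC(family, str(ip), parts.port, parts.path or None)


IOCS = [parse_c2("redline", REDLINE_C2), parse_c2("amadey", AMADEY_C2)]

# Constructed firewall/proxy log lines: timestamp, event type, then key=value fields.
# 10.0.0.x are internal hosts; 203.0.113.10 is a documentation address standing in for benign traffic.
SAMPLE_LOGS = [
    "2023-03-21T10:02:11Z conn src=10.0.0.5 dst=193.233.20.30 dport=4125 proto=tcp",
    "2023-03-21T10:02:15Z http src=10.0.0.5 dst=62.204.41.87 dport=80 method=POST uri=/joomla/index.php",
    "2023-03-21T10:03:00Z conn src=10.0.0.7 dst=193.233.20.30 dport=443 proto=tcp",
    "2023-03-21T10:03:30Z http src=10.0.0.9 dst=203.0.113.10 dport=443 method=GET uri=/",
]

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line: str) -> dict:
    """Pull key=value fields out of one constructed log line; 'ts' is the leading timestamp."""
    fields = dict(FIELD_RE.findall(line))
    fields["ts"] = line.split(" ", 1)[0]
    return fields


def match_fields(fields: dict, iocs: List[NetIOC]) -> List[Tuple[str, str]]:
    """Return (family, confidence) for every IOC whose IP the event talks to.

    'exact' means port (and path, for HTTP panels) also match the config;
    'ip-only' flags other traffic to the same C2 host. That is still worth a
    look: this report alone shows two botnet IDs behind one RedLine host.
    """
    hits = []
    for ioc in iocs:
        if fields.get("dst") != ioc.ip:
            continue
        port_ok = ioc.port is None or fields.get("dport") == str(ioc.port)
        path_ok = ioc.path is None or fields.get("uri") == ioc.path
        hits.append((ioc.family, "exact" if port_ok and path_ok else "ip-only"))
    return hits


def scan(lines: List[str], iocs: List[NetIOC] = IOCS) -> List[Tuple[str, str, str]]:
    """(timestamp, family, confidence) for each log line that touches a C2."""
    out = []
    for line in lines:
        fields = parse_line(line)
        for family, confidence in match_fields(fields, iocs):
            out.append((fields["ts"], family, confidence))
    return out


def hash_matches_sample(digest: str) -> Optional[str]:
    """Name the algorithm if `digest` is one of the sample's hashes, case-insensitively."""
    digest = digest.strip().lower()
    for algo, known in SAMPLE_HASHES.items():
        if digest == known:
            return algo
    return None


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOGS):
        print(*hit)
```

The port-aware split matters in practice: blocking or alerting on the bare IP catches the third line (a different port on the same RedLine host) but would not tell you which of the report's configs it corresponds to, while matching only on ip:port would miss it entirely.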
Targets
Target: 3d645890de22b1d1546d02e759b9781e298be7f09ffcf44227c72d2d09ff9242
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
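Three of the signatures above are registry behaviours (the country-code lookup, the Uninstall enumeration, and the Run key write). The following is an added example, not part of the sandbox output, that scores a process's registry API calls against those three behaviours and pulls out the persistence target. The trace lines are constructed (pipe-separated: pid|api|key|extra), and the registry paths are assumptions, since the report names the behaviours but not the keys; the Geo key in particular is where Windows keeps the configured country (GeoID), which is the most likely target of the "location settings" check but is not stated on the page. One caveat worth keeping in mind: Sysmon and most EDR registry telemetry record only writes (key create/delete, value set, rename), so only the Run key event would surface there; the two read-based checks are visible in an API-monitoring sandbox trace like the one modelled here.

```python
"""Score API-monitor registry events against the behaviours listed above.

Added example for this report, not part of the sandbox output. The trace
lines are constructed (pipe-separated: pid|api|key|extra) and the registry
paths are assumptions: the report names the behaviours, not the keys.
"""
import re
from collections import Counter
from typing import Dict, List, Optional

# Assumed key locations behind the three registry-based signatures.
RUN_KEY_RE = re.compile(r"\\currentversion\\run(once)?$")        # persistence (Run / RunOnce)
UNINSTALL_KEY_RE = re.compile(r"\\currentversion\\uninstall$")   # installed-software enumeration
GEO_KEY_RE = re.compile(r"\\control panel\\international\\geo$") # country code (assumed location)

# Constructed trace of one process, in the order a stealer might emit it.
SAMPLE_TRACE = [
    "4120|RegOpenKeyExW|HKCU\\Control Panel\\International\\Geo|",
    "4120|RegQueryValueExW|HKCU\\Control Panel\\International\\Geo|value=Nation",
    "4120|RegOpenKeyExW|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall|",
    "4120|RegEnumKeyExW|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall|index=0",
    "4120|RegEnumKeyExW|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall|index=1",
    "4120|RegSetValueExW|HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run|value=Updater data=C:\\Users\\user\\AppData\\Roaming\\updater.exe",
    "4120|RegQueryValueExW|HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion|value=ProductName",
]

EXTRA_RE = re.compile(r"(\w+)=(\S+)")   # extra field is "k=v k=v"; constructed data has no spaces


def parse_event(line: str) -> Dict[str, str]:
    """Split one pipe-separated trace line into a flat event dict."""
    pid, api, key, extra = line.split("|", 3)
    event = {"pid": pid, "api": api, "key": key}
    event.update(EXTRA_RE.findall(extra))
    return event


def classify(event: Dict[str, str]) -> Optional[str]:
    """Map one registry call to the report's signature name, or None if it is unremarkable."""
    api, key = event["api"], event["key"].lower()
    if api.startswith("RegSetValue") and RUN_KEY_RE.search(key):
        return "Adds Run key to start application"
    if api.startswith("RegEnumKey") and UNINSTALL_KEY_RE.search(key):
        # Opening the Uninstall key alone is common; enumerating its subkeys is the signal.
        return "Checks installed software on the system"
    if api.startswith("RegQueryValue") and GEO_KEY_RE.search(key):
        return "Checks computer location settings"
    return None


def summarize(lines: List[str]) -> Dict[str, int]:
    """Count how many trace events hit each signature."""
    counts: Counter = Counter()
    for line in lines:
        sig = classify(parse_event(line))
        if sig:
            counts[sig] += 1
    return dict(counts)


def run_key_targets(lines: List[str]) -> List[str]:
    """Paths written under Run: the first artefact to pull from the host during triage."""
    out = []
    for line in lines:
        ev = parse_event(line)
        if classify(ev) == "Adds Run key to start application" and "data" in ev:
            out.append(ev["data"])
    return out


if __name__ == "__main__":
    for sig, n in summarize(SAMPLE_TRACE).items():
        print(f"{n:3d}  {sig}")
    print("Run key targets:", run_key_targets(SAMPLE_TRACE))
```

Matching on RegEnumKey rather than RegOpenKey for the Uninstall key, and on RegQueryValue rather than RegOpenKey for the Geo key, keeps ordinary installers and locale-aware software from tripping the same rules on a plain key open.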