General
Target: e4a7e7200b06856490051b2fa588af9e7573893714195bfa9befdda89b847ca2
Size: 1.0MB
Sample: 230323-3lh1saah22
MD5: 32db9ab4668b8df9d90d8b3f8f4ad9f0
SHA1: fe0623b4b705170e69925adf7e4b5f0d3463a9ec
SHA256: e4a7e7200b06856490051b2fa588af9e7573893714195bfa9befdda89b847ca2
SHA512: 33bc2fd77a2f55765f1d591d6917bbb900b70ac615fc3ad9c520910406a71b5232a0002d8691a4cbbce42c115e0781414b3ca8e7c703ad8c11eae05e4a410458
SSDEEP: 24576:CyfIJ7QbpJqa79sPKjw+Rxnf3oUO+k38Px:pgGbW2SysgVoUqy
Static task: static1
Malware Config
Extracted: redline
  down
  193.233.20.31:4125
  auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted: redline
  lown
  193.233.20.31:4125
  auth_value: 4cf836e062bcdc2a4fdbf410f5747ec7
Extracted: amadey
  3.68
  62.204.41.87/joomla/index.php
Targets
Target: e4a7e7200b06856490051b2fa588af9e7573893714195bfa9befdda89b847ca2
Size: 1.0MB
MD5: 32db9ab4668b8df9d90d8b3f8f4ad9f0
SHA1: fe0623b4b705170e69925adf7e4b5f0d3463a9ec
SHA256: e4a7e7200b06856490051b2fa588af9e7573893714195bfa9befdda89b847ca2
SHA512: 33bc2fd77a2f55765f1d591d6917bbb900b70ac615fc3ad9c520910406a71b5232a0002d8691a4cbbce42c115e0781414b3ca8e7c703ad8c11eae05e4a410458
SSDEEP: 24576:CyfIJ7QbpJqa79sPKjw+Rxnf3oUO+k38Px:pgGbW2SysgVoUqy
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.