General
Target: fd0b00db3638d9ef832ea204d94d182271ba5159841930ed1cb2177ec7c9e8ea
Size: 1023KB
Sample: 230323-w7ef6abd4v
MD5: fad90b59366c233be43783658886975c
SHA1: bc73cbf361a04a8fa448251977f5a17b220ded07
SHA256: fd0b00db3638d9ef832ea204d94d182271ba5159841930ed1cb2177ec7c9e8ea
SHA512: 283e056f1443c707fab8e91e4942d1d7b2c8904f493cb6fcb4deb8331273f7a7ae96889291ab1f124c707761ba4e30d57121b14531d5667af03e758cfb0c8447
SSDEEP: 24576:eyoLJFiCBaqGGPOU45Jt56XiqtlasqftAp5oltyAEnHhF9k3Yxx:tmFMNGPT45Jt56Sqtlx4tA5Cxu+
Static task
static1

Malware Config
Extracted: redline
  down
  193.233.20.31:4125
  auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted: redline
  lown
  193.233.20.31:4125
  auth_value: 4cf836e062bcdc2a4fdbf410f5747ec7
Extracted: amadey
  3.68
  62.204.41.87/joomla/index.php
Targets
Target: fd0b00db3638d9ef832ea204d94d182271ba5159841930ed1cb2177ec7c9e8ea
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.

Executes dropped EXE

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate the software installed on the system.