General
Target: 4c470cef5f470dc8aaa4753018140ab84380fc5b218afc8a724bf50706a5b100
Size: 1021KB
Sample: 230323-x68t2shf86
MD5: cf1bd76ab5288797ea2408704afc7db3
SHA1: 4b8bce56926444c9758dc3f3c60b53a44f7691e9
SHA256: 4c470cef5f470dc8aaa4753018140ab84380fc5b218afc8a724bf50706a5b100
SHA512: f9c280c711f03fae75e4ab52bcff57e5308256477866a52451ee880d7fb2a6f6165b71188628ec0535d5413fe063e956083b63a502b5dd1f64454cc59a95ee8c
SSDEEP: 24576:GydXFb/ObTr/mEkX4822CwUOLX2xkN/DS42J56zAOe:VRh6d2452PUgmmN/+42izAO
Static task: static1

Malware Config
Extracted: redline
  down
  193.233.20.31:4125
  auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted: redline
  lown
  193.233.20.31:4125
  auth_value: 4cf836e062bcdc2a4fdbf410f5747ec7
Extracted: amadey
  3.68
  62.204.41.87/joomla/index.php
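The three Extracted blocks above carry what a responder needs for network blocking: both RedLine builds (down and lown) call back to the same 193.233.20.31:4125 but each has its own auth_value, and the Amadey 3.68 panel path is 62.204.41.87/joomla/index.php. The Python below is an added example, not sandbox output or the sandbox's own code: it parses that block layout into structured IOCs and deduplicates the shared C2 socket while keeping the per-build auth_value strings. The input is the report text copied from above; the layout it assumes (family line, one label or version line, host:port or URL lines, then auth_value followed by its value) is inferred from this page, not from any documented sandbox schema.

```python
"""Parse sandbox "Malware Config / Extracted" blocks into structured IOCs.

Added example for this report, not the sandbox's own code. The layout
assumed here (family line, one label or version line, host:port or URL
lines, then 'auth_value' and its value) is inferred from the blocks above.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Copied from the Malware Config section of this report.
CONFIG_TEXT = """\
Extracted
redline
down
193.233.20.31:4125
-
auth_value
12c31a90c72f5efae8c053a0bd339381
Extracted
redline
lown
193.233.20.31:4125
-
auth_value
4cf836e062bcdc2a4fdbf410f5747ec7
Extracted
amadey
3.68
62.204.41.87/joomla/index.php
"""

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
HOST_PORT = re.compile(rf"^{IPV4}:(\d{{1,5}})$")  # RedLine TCP C2 socket
URL_PATH = re.compile(rf"^{IPV4}(/\S*)$")         # Amadey HTTP panel path


@dataclass
class ExtractedConfig:
    family: str
    label: Optional[str] = None  # botnet id ("down") or version ("3.68")
    c2: List[Tuple[str, Optional[int], Optional[str]]] = field(default_factory=list)
    auth_value: Optional[str] = None


def parse_configs(text: str) -> List[ExtractedConfig]:
    # Drop blank lines and the "-" bullet residue, then walk block by block.
    lines = [ln.strip() for ln in text.splitlines() if ln.strip() and ln.strip() != "-"]
    configs: List[ExtractedConfig] = []
    i = 0
    while i < len(lines):
        if lines[i] != "Extracted" or i + 1 >= len(lines):
            i += 1
            continue
        cfg = ExtractedConfig(family=lines[i + 1].lower())
        i += 2
        while i < len(lines) and lines[i] != "Extracted":
            tok = lines[i]
            if tok == "auth_value" and i + 1 < len(lines):
                cfg.auth_value = lines[i + 1]
                i += 2
                continue
            m = HOST_PORT.match(tok)
            if m:
                cfg.c2.append((m.group(1), int(m.group(2)), None))
            elif (m := URL_PATH.match(tok)):
                cfg.c2.append((m.group(1), None, m.group(2)))
            elif cfg.label is None:
                cfg.label = tok
            i += 1
        configs.append(cfg)
    return configs


def network_iocs(configs: List[ExtractedConfig]) -> List[Tuple[str, str]]:
    """Unique (family, indicator) pairs for a blocklist; the two RedLine
    builds share one C2 socket, so it appears once."""
    seen = set()
    for cfg in configs:
        for host, port, path in cfg.c2:
            seen.add((cfg.family, f"{host}:{port}" if port is not None else f"{host}{path}"))
    return sorted(seen)


def auth_values(configs: List[ExtractedConfig]) -> dict:
    """auth_value per RedLine build: the build's authorization token for the
    C2, worth keeping as a per-campaign indicator alongside the socket."""
    return {cfg.label: cfg.auth_value for cfg in configs if cfg.auth_value}


if __name__ == "__main__":
    cfgs = parse_configs(CONFIG_TEXT)
    for fam, ind in network_iocs(cfgs):
        print(f"{fam}\t{ind}")
    print(auth_values(cfgs))
```

Blocking only the socket would treat the two RedLine configs as one indicator; keeping the auth_value map lets you tell the two builds apart if either is seen again in later samples.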
Targets
Target: 4c470cef5f470dc8aaa4753018140ab84380fc5b218afc8a724bf50706a5b100
Size: 1021KB
MD5: cf1bd76ab5288797ea2408704afc7db3
SHA1: 4b8bce56926444c9758dc3f3c60b53a44f7691e9
SHA256: 4c470cef5f470dc8aaa4753018140ab84380fc5b218afc8a724bf50706a5b100
SHA512: f9c280c711f03fae75e4ab52bcff57e5308256477866a52451ee880d7fb2a6f6165b71188628ec0535d5413fe063e956083b63a502b5dd1f64454cc59a95ee8c
SSDEEP: 24576:GydXFb/ObTr/mEkX4822CwUOLX2xkN/DS42J56zAOe:VRh6d2452PUgmmN/+42izAO
RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Downloads MZ/PE file
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
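"Adds Run key to start application", together with "Executes dropped EXE" and "Loads dropped DLL", is the persistence pattern to check first on a host suspected of running this sample. The Python below is an added example, not sandbox output or code from this report: it triages a Registry Editor export of the Run keys and flags values whose program, or whose rundll32/regsvr32-style loader target, sits in a user-writable directory (AppData, Temp, ProgramData, Public, Downloads). The .reg text is constructed for the example, and the heuristic is a general one; the report does not state where this sample dropped its payloads.

```python
"""Triage Run-key persistence from a Registry Editor (.reg) export.

Added example for this report, not sandbox code. The export text below is
constructed; on a live host produce it with
  reg export "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run" run.reg
and repeat for HKLM and the RunOnce keys.
"""
import re
from typing import Dict, List, Tuple

# Constructed .reg export: one benign entry and two that match the dropped-EXE /
# dropped-DLL pattern (payload under the user's profile, DLL loaded via rundll32).
REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Users\\victim\\AppData\\Local\\Temp\\updater.exe"
"Helper"="rundll32.exe C:\\Users\\victim\\AppData\\Roaming\\helper.dll,Start"
'''

KEY_RE = re.compile(r"^\[(.+)\]$")
# "Name"="value" with .reg escaping (\\ for backslash, \" for quote); REG_SZ only.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
RUN_KEYS = ("\\currentversion\\run", "\\currentversion\\runonce")
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\", "\\downloads\\")
LOADERS = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe",
           "cscript.exe", "powershell.exe", "cmd.exe"}


def unescape(s: str) -> str:
    """Undo .reg string escaping: \\x -> x for any x."""
    return re.sub(r"\\(.)", r"\1", s)


def split_command(cmd: str) -> Tuple[str, str]:
    """Return (program, arguments), honouring a quoted program path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    parts = cmd.split(None, 1)
    return (parts[0] if parts else ""), (parts[1] if len(parts) > 1 else "")


def triage_run_keys(reg_text: str) -> List[Dict]:
    findings: List[Dict] = []
    key = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        vm = VALUE_RE.match(line)
        if not vm or key is None or not key.lower().endswith(RUN_KEYS):
            continue
        name, cmd = unescape(vm.group(1)), unescape(vm.group(2))
        program, args = split_command(cmd)
        prog_low, args_low = program.lower(), args.lower()
        reasons = []
        if any(d in prog_low for d in USER_WRITABLE):
            reasons.append("program in user-writable directory")
        if prog_low.rsplit("\\", 1)[-1] in LOADERS:
            reasons.append("runs through a LOLBIN loader")
            if any(d in args_low for d in USER_WRITABLE):
                reasons.append("loader target in user-writable directory")
        findings.append({"key": key, "name": name, "command": cmd, "program": program,
                         "suspicious": bool(reasons), "reasons": reasons})
    return findings


def suspicious_names(reg_text: str) -> List[str]:
    return [f["name"] for f in triage_run_keys(reg_text) if f["suspicious"]]


if __name__ == "__main__":
    for f in triage_run_keys(REG_EXPORT):
        flag = "SUSPICIOUS" if f["suspicious"] else "ok"
        print(f'{flag:10} {f["name"]:10} {f["command"]}  {"; ".join(f["reasons"])}')
```

A hit here is a lead, not a verdict: confirm by hashing the referenced file against the report's MD5/SHA256 values and by checking whether the same path shows up under the Uninstall key enumeration the sample also performs.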