General
- Target: d2c334b91b416a324971144cfed0a720afbc37da73faa87698f73aec3ef7cfec
- Size: 1021KB
- Sample: 230323-y533vabh61
- MD5: 3753baead536b4de548e74fbee18303c
- SHA1: 5ce91bff1e0fe4a3c0fbd8d0ae1bb9bf162e3f4b
- SHA256: d2c334b91b416a324971144cfed0a720afbc37da73faa87698f73aec3ef7cfec
- SHA512: bb2d2c7d0836a0d9ef65bce08cb5498f85c7310116ba49202b587f018420513feb80d0fb17a627dbbbf5109cdc965e3f7a5aa4a47c2ff4511016e3327ff8c134
- SSDEEP: 24576:OyUeddhAcL6GGu57VfjvkwyoGBcMwhDPchnIiupCHvML:dUkdhAU6GGIxvjyoKcv0hDups
- Static task: static1
Malware Config
Extracted
- Family: redline
- Botnet: down
- C2: 193.233.20.31:4125
- auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted
- Family: redline
- Botnet: lown
- C2: 193.233.20.31:4125
- auth_value: 4cf836e062bcdc2a4fdbf410f5747ec7
Extracted
- Family: amadey
- Version: 3.68
- C2: 62.204.41.87/joomla/index.php
Targets
- Target: d2c334b91b416a324971144cfed0a720afbc37da73faa87698f73aec3ef7cfec (1021KB; hashes as listed under General above)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.