General
Target: 681ea731e7a6a47bf239d517ec23a5b02e1dc5baeffbc70973730aada8192470
Size: 1020KB
Sample: 230323-zf2ddsaa69
MD5: c483999daf0c0e5b335e92be7eb02c41
SHA1: bbbc1d5a854702aac86312a97644fe3685ced359
SHA256: 681ea731e7a6a47bf239d517ec23a5b02e1dc5baeffbc70973730aada8192470
SHA512: 97073c0a322c06971a0f6aa44502f356ed01b7180ca9c25598cd540e3fe702665ee40526a13cec87fd169fca4d973f728d3cad5737483e36dc77ee475284f692
SSDEEP: 24576:LyFP9L7GPRrJcaAx1GJ96YDD2SMKHcedDI+yNbz:+F1LwRrJc72ESkep+b
Static task: static1

Malware Config
Extracted: redline
down
193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381

Extracted: redline
lown
193.233.20.31:4125
auth_value: 4cf836e062bcdc2a4fdbf410f5747ec7

Extracted: amadey
3.68
62.204.41.87/joomla/index.php
Targets
Target: 681ea731e7a6a47bf239d517ec23a5b02e1dc5baeffbc70973730aada8192470
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.