General
-
Target
52a8923a5dca517844cabaf8b84b274d5527708b6248cfb7ca35269c00aa1b03
-
Size
1.0MB
-
Sample
230324-26f69ahh85
-
MD5
397d32819373c4bd46e22ad009802da6
-
SHA1
837b667a70570ff429978e81ef3e57e59566a633
-
SHA256
52a8923a5dca517844cabaf8b84b274d5527708b6248cfb7ca35269c00aa1b03
-
SHA512
f471ff43d95637b39786dc00ee50511f032a3ccc6dcd8aba2bdd05c98ee88f2352b126b8d4c88b434afb0777ed06b0bd362dc89c5da64c52c03d3da6aa36b187
-
SSDEEP
24576:AymYgTOqK87nzzgKeFVFe4Cu9WDB+WD30KyW:HmYgTJK8rA5VwJPDXf
Static task
static1
Malware Config
Extracted
Family
redline
Botnet
boris
C2
193.233.20.32:4125
-
Attributes
auth_value
766b5bdf6dbefcf7ca223351952fc38f
Extracted
Family
redline
Botnet
lida
C2
193.233.20.32:4125
-
Attributes
auth_value
24052aa2e9b85984a98d80cf08623e8d
Extracted
Family
amadey
Version
3.68
C2
62.204.41.87/joomla/index.php
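The extracted configuration gives two network indicators (a RedLine socket address shared by the "boris" and "lida" botnets, and an Amadey panel URL) plus the file hashes, which is what a responder hunts on after reading a report like this. The following Python is an added example, not part of the sandbox output: it normalises those IOCs into a common shape and scans log lines for them, distinguishing a fully qualified hit (host and port, or host and path) from a weaker host-only lead. The log format and the log lines are constructed for illustration.

```python
"""Hunt for the IOCs extracted in the report above. Added example, not part of
the sandbox output; the log lines and their format are constructed."""
import hashlib
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple
from urllib.parse import urlsplit

# Values copied from the extracted configs and hash block on this page.
SAMPLE_SHA256 = "52a8923a5dca517844cabaf8b84b274d5527708b6248cfb7ca35269c00aa1b03"
REDLINE_C2 = "193.233.20.32:4125"            # shared by botnets "boris" and "lida"
AMADEY_C2 = "62.204.41.87/joomla/index.php"   # Amadey 3.68 panel endpoint


@dataclass(frozen=True)
class NetIoc:
    family: str
    host: str
    port: Optional[int]   # None when the config gives no port (Amadey URL form)
    path: Optional[str]   # None for a bare socket address (RedLine form)


def parse_c2(family: str, raw: str) -> NetIoc:
    """Normalise the two config shapes on this page: 'ip:port' and 'host/path'."""
    if "/" in raw:
        u = urlsplit("//" + raw)  # leading // makes urlsplit parse the host as netloc
        return NetIoc(family, u.hostname, u.port, u.path)
    host, _, port = raw.partition(":")
    return NetIoc(family, host, int(port) if port else None, None)


IOCS = [parse_c2("redline", REDLINE_C2), parse_c2("amadey", AMADEY_C2)]
IOC_HOSTS = {ioc.host for ioc in IOCS}

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
HOSTPORT = re.compile(rf"\b({IPV4}):(\d{{1,5}})\b")
URL = re.compile(r"https?://([^/\s:]+)(?::\d+)?(/\S*)?")
ANY_IP = re.compile(rf"\b{IPV4}\b")


def match_line(line: str) -> Optional[str]:
    """Return the family whose C2 this line contacts (host AND port/path match), else None."""
    for host, port in HOSTPORT.findall(line):
        for ioc in IOCS:
            if ioc.host == host and ioc.port == int(port):
                return ioc.family
    for host, path in URL.findall(line):
        for ioc in IOCS:
            if ioc.host == host and ioc.path == (path or "/"):
                return ioc.family
    return None


def suspicious_hosts(line: str) -> Set[str]:
    """Weaker lead: any IOC host in the line, ignoring port and path. A shared
    IP can serve unrelated content, so treat these as items to review, not hits."""
    return set(ANY_IP.findall(line)) & IOC_HOSTS


def scan(lines: List[str]) -> List[Tuple[int, str]]:
    """(line index, family) for every line that hits a fully qualified IOC."""
    hits = []
    for i, line in enumerate(lines):
        fam = match_line(line)
        if fam:
            hits.append((i, fam))
    return hits


def is_known_sample(data: bytes) -> bool:
    """Compare a file's SHA-256 with the sample hash from the report."""
    return hashlib.sha256(data).hexdigest() == SAMPLE_SHA256


# Constructed log lines in an assumed 'timestamp kind src -> dst' shape.
LOGS = [
    "2023-03-24T02:31:00Z conn 10.0.0.5:49812 -> 193.233.20.32:4125 proto=tcp",
    "2023-03-24T02:31:05Z http 10.0.0.5 GET http://62.204.41.87/joomla/index.php 200",
    "2023-03-24T02:31:09Z http 10.0.0.5 GET http://62.204.41.87/ 403",
    "2023-03-24T02:32:00Z conn 10.0.0.5:49813 -> 93.184.216.34:443 proto=tcp",
]

if __name__ == "__main__":
    for idx, fam in scan(LOGS):
        print(f"line {idx}: {fam} C2 contact")
    for idx, line in enumerate(LOGS):
        leads = suspicious_hosts(line) if match_line(line) is None else set()
        if leads:
            print(f"line {idx}: review, IOC host seen without port/path match: {leads}")
```

The auth_value strings are not network observables; they identify the build in memory or in a decrypted config, so they belong in a memory or YARA rule rather than in a proxy or firewall search. The host-only lead exists because both C2 addresses are bare IPs that may host other content; a hit on port 4125 or on the /joomla/index.php path is the confirmation.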
Targets
-
-
Target
52a8923a5dca517844cabaf8b84b274d5527708b6248cfb7ca35269c00aa1b03
-
RedLine
RedLine Stealer is an information-stealing malware family written in C#, first observed in early 2020; it collects saved browser credentials, cryptocurrency wallet files and host information and sends them to the C2 address carried in its configuration.
-
RedLine payload
-
Checks computer location settings
Looks up the country code configured in the registry, most likely a geofence check that decides whether the sample runs on a host in a given country.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Enumerates the Uninstall key entries in the registry (under SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to list the software installed on the system.
-
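Three of the behaviours above (the Run key write, the location lookup, and the Uninstall enumeration) are registry operations, so a defender can reproduce them from a registry operation trace rather than relying on the sandbox verdict. The following Python is an added example, not the sandbox's own signature code. The trace format, the process ids, and the choice of Control Panel\International\Geo as the value behind "computer location settings" are assumptions, since the report does not name the key it matched on; the Uninstall path and the Run/RunOnce paths are the standard Windows locations.

```python
"""Re-derive the registry-based behaviour signatures listed above from a
registry operation trace. Added example, not the sandbox's own signature code."""
import re
from collections import defaultdict
from typing import Dict, List, Optional, Set, Tuple

# Trace format is an assumption: (pid, operation, key path) tuples as an
# API-monitor or ETW registry trace would yield them.
TraceEvent = Tuple[int, str, str]

WRITE_OPS = {"RegSetValue", "RegCreateKey"}
READ_OPS = {"RegOpenKey", "RegQueryValue", "RegEnumKey"}

# Persistence: a value written under a Run/RunOnce key (HKCU or HKLM, native or Wow6432Node).
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(?:Once)?\\[^\\]+$", re.I)
# Installed-software enumeration: each Uninstall subkey names one installed product.
UNINSTALL_KEY = re.compile(r"\\CurrentVersion\\Uninstall\\([^\\]+)", re.I)
# Assumption: the "computer location settings" check reads the user's configured
# country under Control Panel\International\Geo; the report does not name the key.
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo\\", re.I)

SIG_RUN = "Adds Run key to start application"
SIG_GEO = "Checks computer location settings"
SIG_UNINSTALL = "Checks installed software on the system"


def classify(op: str, key: str) -> Optional[str]:
    """Map one registry operation to the signature it contributes to, if any."""
    if op in WRITE_OPS and RUN_KEY.search(key):
        return SIG_RUN
    if op in READ_OPS and GEO_KEY.search(key):
        return SIG_GEO
    if op in READ_OPS and UNINSTALL_KEY.search(key):
        return SIG_UNINSTALL
    return None


def signatures(trace: List[TraceEvent], min_uninstall: int = 3) -> Dict[int, Set[str]]:
    """Map pid -> triggered signatures. A single Uninstall lookup is normal for
    installers and shell components; the enumeration signature needs
    min_uninstall distinct product subkeys from one process."""
    found: Dict[int, Set[str]] = defaultdict(set)
    products: Dict[int, Set[str]] = defaultdict(set)
    for pid, op, key in trace:
        sig = classify(op, key)
        if sig is None:
            continue
        if sig == SIG_UNINSTALL:
            products[pid].add(UNINSTALL_KEY.search(key).group(1).lower())
            if len(products[pid]) < min_uninstall:
                continue
        found[pid].add(sig)
    return dict(found)


# Constructed trace: pid 4120 plays the dropped stealer, pid 512 a benign process
# that happens to read one Uninstall entry. Product names are placeholders.
TRACE: List[TraceEvent] = [
    (4120, "RegQueryValue", r"HKCU\Control Panel\International\Geo\Nation"),
    (4120, "RegOpenKey", r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{11111111-2222-3333-4444-555555555555}"),
    (4120, "RegOpenKey", r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"),
    (4120, "RegOpenKey", r"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"),
    (4120, "RegSetValue", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"),
    (512, "RegOpenKey", r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"),
    (512, "RegQueryValue", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden"),
]

if __name__ == "__main__":
    for pid, sigs in sorted(signatures(TRACE).items()):
        print(pid, sorted(sigs))
```

The threshold on Uninstall reads is the practical caveat: reading one product entry is routine, reading many in a burst from a freshly dropped executable is the fingerprinting behaviour the signature is after. Sysmon does not record registry reads (only key create/delete, value set, and rename), so the Geo and Uninstall rules need an API-monitor or ETW registry trace; the Run key write alone is visible as a Sysmon value-set event.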