General

Target: f924f3dea76b7e0073200dad7dad144d1ed044b496be2d5e0c6e4ef560ee58e0
Size: 1.0MB
Sample: 230324-2syjdaca4w
MD5: ad5f9259c137a64ed4424134074498ab
SHA1: f6f2112ed5277f5993144e59e47de993aea70038
SHA256: f924f3dea76b7e0073200dad7dad144d1ed044b496be2d5e0c6e4ef560ee58e0
SHA512: b534af1558ef090653866c99c5dbdfd1c69cee02d8fc8e451a6e10d1ae021edab2a0dbf11a218e14938509f145271d6f21b7aa55c19d6fb5864388a03bc007e8
SSDEEP: 24576:cyW6iDHrDznaTbrxC8NNosTDURfyXk/d5LAYnQF1AQ:L+DHOvd5oWDQRDLovA
Static task: static1
Malware Config

Extracted: redline
  boris
  193.233.20.32:4125
  auth_value: 766b5bdf6dbefcf7ca223351952fc38f

Extracted: redline
  lida
  193.233.20.32:4125
  auth_value: 24052aa2e9b85984a98d80cf08623e8d

Extracted: amadey
  3.68
  62.204.41.87/joomla/index.php
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.