General
- Target: 70587253e57f46661969ab405d8bb16f0f6f308d8f1fb2970e5cfcce6fd1c1cf
- Size: 1.0MB
- Sample: 230324-3bt1ascb3v
- MD5: 23b32b28b818679143e06f4c7a1475fb
- SHA1: c49ea7a7f007e441144cfd801a626dd455788f5e
- SHA256: 70587253e57f46661969ab405d8bb16f0f6f308d8f1fb2970e5cfcce6fd1c1cf
- SHA512: e49a7e6e5d663c3d36c1a47483ba66c78b0fc3a660c9995703ce2d72c3b30c85d143da090cb335fc048009ee37f79cfa67e86ca62fa6b11d2ade47fa4854596a
- SSDEEP: 24576:Fy155zyMgEZ26RZnXv341+fSCDvXrEkqzEpQK1:g15FvgEIqvBSCD8zE
Static task: static1
Malware Config
- Extracted: redline
  - boris
  - 193.233.20.32:4125
  - auth_value: 766b5bdf6dbefcf7ca223351952fc38f
- Extracted: redline
  - lida
  - 193.233.20.32:4125
  - auth_value: 24052aa2e9b85984a98d80cf08623e8d
- Extracted: amadey
  - 3.68
  - 62.204.41.87/joomla/index.php
Targets
- Target: 70587253e57f46661969ab405d8bb16f0f6f308d8f1fb2970e5cfcce6fd1c1cf
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.