General
Target: 49c564e8977c6dbf01f909b5558042138733ea03db7f4fcd8302439916c61c80
Size: 1.0MB
Sample: 230324-3hwgpsaa48
MD5: affcb982165ca75625425b39c9627a1b
SHA1: ca18458b3172a4a492b83c3bacd28936997692cb
SHA256: 49c564e8977c6dbf01f909b5558042138733ea03db7f4fcd8302439916c61c80
SHA512: b370600c35dd92c3cede631e750291f14cce92aefecea44817517756d34972bcea1155df8b566094da64febe22d670810fc7c22b13a009012591e787a4d7737f
SSDEEP: 24576:cyDqPBTfBJMpkrAuKkSNiHlD1GQAugrLrmzBXMRCQ9:LOPbJM2sGLFD1GwcEXoj
Static task: static1
Malware Config
Extracted: redline
  boris
  193.233.20.32:4125
  auth_value: 766b5bdf6dbefcf7ca223351952fc38f
Extracted: redline
  lida
  193.233.20.32:4125
  auth_value: 24052aa2e9b85984a98d80cf08623e8d
Extracted: amadey
  3.68
  62.204.41.87/joomla/index.php
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.