General

Target: bbcaa03479243cd2057b6ab265127fbfd86ee601af88fe4975255ee7e926ab8a
Size: 1.0MB
Sample: 230324-ekhrmaeb3v
MD5: 0276d26c74bb7c320f4a422dfc98dfcf
SHA1: 40aa69d13153e6b78430e85a43f2d9db9a0c90cd
SHA256: bbcaa03479243cd2057b6ab265127fbfd86ee601af88fe4975255ee7e926ab8a
SHA512: 5062f5e55de24baa9154b00126a7b0bfb3ae282f36364930284bd1a14ccf9011a968218e1864520fd283a25e091de863138b7e2dbcb929734195b5913361ea8a
SSDEEP: 24576:iy/tbEtYdlltEkjupd1ehlsjEF/SvheX8s8gbMrGXx1l:J1bE0tEkjufQhlsjEFKvxszMaX

Static task: static1
Malware Config

Extracted: redline
Botnet: down
C2: 193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381

Extracted: redline
Botnet: bolt
C2: 193.233.20.31:4125
auth_value: 29540c7bf0277243e2faf6601e15a754

Extracted: amadey
Version: 3.68
C2: 62.204.41.87/joomla/index.php

Extracted: redline
Botnet: USA
C2: 65.108.152.34:37345
auth_value: 01ecb56953469aaed8efad25c0f68a64

Two of the three RedLine configs (down, bolt) share one C2 endpoint and differ only in their auth_value, so the sample carries at least two RedLine builds alongside an Amadey 3.68 loader.
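The C2 endpoints extracted above are the indicators a responder would want to sweep for. The following is an added example, not part of the sandbox report: it loads those endpoints as indicators and matches them against Sysmon-style network-connection events and proxy access lines. The log lines are constructed for illustration, the key=value line format is an assumption (real Sysmon events are XML/EVTX), and the http:// scheme on the Amadey URL is assumed because the report gives only host and path.

```python
import re
from dataclasses import dataclass

# Indicators copied from the report's "Malware Config" section.
REDLINE_C2 = {
    ("193.233.20.31", 4125): ["down", "bolt"],   # two RedLine configs share this C2
    ("65.108.152.34", 37345): ["USA"],
}
# Amadey C2 from the report; the http:// scheme is an assumption (report gives host/path only).
AMADEY_C2_URL = "http://62.204.41.87/joomla/index.php"


@dataclass(frozen=True)
class Hit:
    line_no: int
    family: str
    indicator: str


def parse_kv(line: str) -> dict:
    """Split 'key=value' tokens; values contain no spaces in the constructed lines."""
    return dict(re.findall(r"(\w+)=(\S+)", line))


def check_connection(fields: dict):
    """Exact ip:port match against the RedLine C2 list (Sysmon EventID 3 style fields)."""
    ip = fields.get("DestinationIp")
    port = fields.get("DestinationPort")
    if ip is None or port is None or not port.isdigit():
        return None
    botnets = REDLINE_C2.get((ip, int(port)))
    if botnets:
        return "redline", f"{ip}:{port} (botnet {'/'.join(botnets)})"
    return None


def check_url(line: str):
    """Match the full Amadey panel URL in a proxy access line."""
    m = re.search(r"https?://\S+", line)
    if m and m.group(0).rstrip("/") == AMADEY_C2_URL:
        return "amadey", m.group(0)
    return None


def scan(logs: str) -> list:
    """Return one Hit per log line that touches a C2 from the report."""
    hits = []
    for n, line in enumerate(logs.splitlines(), start=1):
        result = None
        if "EventID=3" in line:                    # network connection event
            result = check_connection(parse_kv(line))
        elif line.startswith("proxy "):            # web proxy access line
            result = check_url(line)
        if result:
            hits.append(Hit(n, *result))
    return hits


# Constructed sample telemetry (not from the report); 203.0.113.0/24 is documentation space.
SAMPLE_LOGS = r"""EventID=3 Image=C:\Users\u\AppData\Local\Temp\a.exe DestinationIp=193.233.20.31 DestinationPort=4125
EventID=3 Image=C:\Windows\System32\svchost.exe DestinationIp=203.0.113.10 DestinationPort=443
EventID=3 Image=C:\Users\u\AppData\Local\Temp\b.exe DestinationIp=65.108.152.34 DestinationPort=37345
EventID=3 Image=C:\Users\u\AppData\Local\Temp\c.exe DestinationIp=193.233.20.31 DestinationPort=80
proxy GET http://62.204.41.87/joomla/index.php client=10.0.0.5 status=200
proxy GET http://example.com/joomla/index.php client=10.0.0.5 status=200
"""

if __name__ == "__main__":
    for h in scan(SAMPLE_LOGS):
        print(f"line {h.line_no}: {h.family} via {h.indicator}")
```

The match is deliberately strict (ip:port for RedLine, full URL for Amadey); line 4, which reaches the RedLine host on a different port, is not flagged. Whether to also alert on the bare IP or host is a tuning decision: it catches an operator moving ports but raises false positives when the address is shared hosting.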
Targets

Target: bbcaa03479243cd2057b6ab265127fbfd86ee601af88fe4975255ee7e926ab8a
Size: 1.0MB
MD5: 0276d26c74bb7c320f4a422dfc98dfcf
SHA1: 40aa69d13153e6b78430e85a43f2d9db9a0c90cd
SHA256: bbcaa03479243cd2057b6ab265127fbfd86ee601af88fe4975255ee7e926ab8a
SHA512: 5062f5e55de24baa9154b00126a7b0bfb3ae282f36364930284bd1a14ccf9011a968218e1864520fd283a25e091de863138b7e2dbcb929734195b5913361ea8a
SSDEEP: 24576:iy/tbEtYdlltEkjupd1ehlsjEF/SvheX8s8gbMrGXx1l:J1bE0tEkjufQhlsjEFKvxszMaX
RedLine

RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
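Three of the behaviours listed above (executing a dropped EXE, loading a dropped DLL, and adding a Run key) leave traces that endpoint telemetry records, so they can be reconstructed outside the sandbox. The following is an added example, not part of the report: it correlates Sysmon-style FileCreate, ProcessCreate, ImageLoad and RegistryEvent records to raise those three findings. The event lines are constructed, and the key=value line format is an assumption (real Sysmon output is XML/EVTX); the field names EventID, Image, TargetFilename, ImageLoaded, TargetObject and Details are the ones Sysmon uses.

```python
import re
from dataclasses import dataclass

# Run and RunOnce values under any hive; RunOnce is included as a generalisation of "Run key".
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(?:Once)?\\[^\\]+$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    line_no: int
    behaviour: str
    detail: str


def parse_kv(line: str) -> dict:
    """Split 'key=value' tokens; values contain no spaces in the constructed lines."""
    return dict(re.findall(r"(\w+)=(\S+)", line))


def correlate(events: str) -> list:
    """Walk events in order, remember every file the sample writes, and flag later use of it."""
    dropped = {}        # lower-cased path -> line number of the FileCreate (EventID 11)
    findings = []
    for n, line in enumerate(events.splitlines(), start=1):
        f = parse_kv(line)
        eid = f.get("EventID")
        if eid == "11":                                           # FileCreate
            dropped[f["TargetFilename"].lower()] = n
        elif eid == "1":                                          # ProcessCreate
            src = dropped.get(f.get("Image", "").lower())
            if src is not None:
                findings.append(Finding(n, "Executes dropped EXE",
                                        f"{f['Image']} (dropped at line {src})"))
        elif eid == "7":                                          # ImageLoad
            src = dropped.get(f.get("ImageLoaded", "").lower())
            if src is not None:
                findings.append(Finding(n, "Loads dropped DLL",
                                        f"{f['ImageLoaded']} (dropped at line {src})"))
        elif eid == "13":                                         # RegistryEvent, value set
            target = f.get("TargetObject", "")
            if RUN_KEY_RE.search(target):
                findings.append(Finding(n, "Adds Run key to start application",
                                        f"{target} = {f.get('Details', '')}"))
    return findings


# Constructed sample events (not from the report): the sample drops an EXE and a DLL,
# runs the EXE, which loads the DLL and registers itself under HKU\...\Run.
SAMPLE_EVENTS = r"""EventID=11 Image=C:\Users\u\Downloads\sample.exe TargetFilename=C:\Users\u\AppData\Local\Temp\one.exe
EventID=11 Image=C:\Users\u\Downloads\sample.exe TargetFilename=C:\Users\u\AppData\Local\Temp\helper.dll
EventID=1 Image=C:\Users\u\AppData\Local\Temp\one.exe ParentImage=C:\Users\u\Downloads\sample.exe
EventID=7 Image=C:\Users\u\AppData\Local\Temp\one.exe ImageLoaded=C:\Users\u\AppData\Local\Temp\helper.dll
EventID=7 Image=C:\Users\u\AppData\Local\Temp\one.exe ImageLoaded=C:\Windows\System32\kernel32.dll
EventID=13 Image=C:\Users\u\AppData\Local\Temp\one.exe TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\one Details=C:\Users\u\AppData\Local\Temp\one.exe
EventID=1 Image=C:\Windows\System32\notepad.exe ParentImage=C:\Windows\explorer.exe
"""

if __name__ == "__main__":
    for x in correlate(SAMPLE_EVENTS):
        print(f"line {x.line_no}: {x.behaviour}: {x.detail}")
```

The two registry-read behaviours in the list (the locale lookup and the Uninstall key enumeration) are not recoverable this way: Sysmon records key creation and value writes but not reads, so those remain sandbox-only signals unless a kernel or ETW-based registry audit is in place.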