General
- Target: cce1430df195977f9e865f57a00bd99a6c9f58cc79bbf8ad486a18e23883729a
- Size: 1014KB
- Sample: 230324-r1hssafb29
- MD5: ac31e14ea7539cd7a120b18d6cd565f8
- SHA1: ddba13163ade5fc2424d601d7d56f87f45bf987d
- SHA256: cce1430df195977f9e865f57a00bd99a6c9f58cc79bbf8ad486a18e23883729a
- SHA512: 5074c1041db38664b9b31265f3b2795990c787b6b93fd9edc1db7aca36e42f428af5438fbf300942e2b647d26926b2759dc2271565e0b32ec8f682c6817a1bfe
- SSDEEP: 24576:ey3QjNdtY6werlQNXibh71w1jDOvgPds1fwKV:tgjNdW6B8SV1w4gVs1f
Static task
- static1
Malware Config
Extracted
- Family: redline
- Botnet: boris
- C2: 193.233.20.32:4125
- auth_value: 766b5bdf6dbefcf7ca223351952fc38f
Extracted
- Family: redline
- Botnet: lida
- C2: 193.233.20.32:4125
- auth_value: 24052aa2e9b85984a98d80cf08623e8d
Extracted
- Family: amadey
- Version: 3.68
- C2: 62.204.41.87/joomla/index.php
Targets
- Target: cce1430df195977f9e865f57a00bd99a6c9f58cc79bbf8ad486a18e23883729a
- Size: 1014KB
- MD5: ac31e14ea7539cd7a120b18d6cd565f8
- SHA1: ddba13163ade5fc2424d601d7d56f87f45bf987d
- SHA256: cce1430df195977f9e865f57a00bd99a6c9f58cc79bbf8ad486a18e23883729a
- SHA512: 5074c1041db38664b9b31265f3b2795990c787b6b93fd9edc1db7aca36e42f428af5438fbf300942e2b647d26926b2759dc2271565e0b32ec8f682c6817a1bfe
- SSDEEP: 24576:ey3QjNdtY6werlQNXibh71w1jDOvgPds1fwKV:tgjNdW6B8SV1w4gVs1f
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.