General
- Target: 6b76bf613b4f8e05a81018bceef3937f14910fe1bb05f60e29c9067e80228f71
- Size: 1.0MB
- Sample: 230324-xm1pbsah2y
- MD5: fac1c2a6f009e0e36bd24512287920f7
- SHA1: 1a480dd8db04ddd51eda5fe2865113e45a0d1260
- SHA256: 6b76bf613b4f8e05a81018bceef3937f14910fe1bb05f60e29c9067e80228f71
- SHA512: 5f6bcfcb5b4a013013eeb606f5d90d59929740112b02df92e19637d59faae637beb3e2890c870ef195cd25467fc8b577792e2b61c30868aece829cbec6cac64f
- SSDEEP: 12288:VMrly90XZ/MReDyr5Il5+Spd1NpgBieJr79vD/Xh10mX/s7N+/SXwR459jdjstw:wy8/bCbc6iel9v6xH9hjsYmH1
Static task: static1
Malware Config
- Extracted: redline
  - boris
  - 193.233.20.32:4125
  - auth_value: 766b5bdf6dbefcf7ca223351952fc38f
- Extracted: redline
  - lida
  - 193.233.20.32:4125
  - auth_value: 24052aa2e9b85984a98d80cf08623e8d
- Extracted: amadey
  - 3.68
  - 62.204.41.87/joomla/index.php
- Extracted: aurora
  - 212.87.204.93:8081
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.