General
- Target: eb9e8e1ef52dde86a2007c37a32fba1d85fa70e1542ccbe7157656a980c8df20
- Size: 1.0MB
- Sample: 230324-yd8h9aha22
- MD5: 6a46bd82bed90cc39e8e02cb623ce3f9
- SHA1: 2b6963d885e492aaacf3bb644f28fd17799069d2
- SHA256: eb9e8e1ef52dde86a2007c37a32fba1d85fa70e1542ccbe7157656a980c8df20
- SHA512: 74f48324d9523e1fc1acd870e771bf2783421a67f670ef0c0f715ddac899f3b52faf2acdb5dbb38ede5afe87cbe6c5e49381656f789c4aee00d2120c9672b7c4
- SSDEEP: 24576:CyX7vp+rtlrlHKbP+ZHTHOoc/EFGUMqGfvSxpaG:pX7Qn1KbP+RTu9/n3ixp
Static task: static1
Malware Config
Extracted: redline
- boris
- 193.233.20.32:4125
- auth_value: 766b5bdf6dbefcf7ca223351952fc38f
Extracted: redline
- lida
- 193.233.20.32:4125
- auth_value: 24052aa2e9b85984a98d80cf08623e8d
Extracted: amadey
- 3.68
- 62.204.41.87/joomla/index.php
Targets
- Target: eb9e8e1ef52dde86a2007c37a32fba1d85fa70e1542ccbe7157656a980c8df20
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.