General
- Target: bdf734d2e8bbb42c6c2d53be3f7868890e096e0401684570627b5da9007cd338
- Size: 1.0MB
- Sample: 230326-25dpqscd8z
- MD5: 235e0a32ca4682f650b6b5e2e675fb86
- SHA1: 30789088f4ddde9d2815b8e0173749fe70e584c6
- SHA256: bdf734d2e8bbb42c6c2d53be3f7868890e096e0401684570627b5da9007cd338
- SHA512: abb8c2e4d300e4fa0a9177917d39fe673f0df23bd8ebe7bbe1e25d1eebf897e5ca62d3cb1e4f030b6ca56ecdce2c294353431491d4a37c9b087fb3479ef9a241
- SSDEEP: 24576:Ryd/kiKt9PIbh5SRCwe+LwfIWWGBKl81I:Ed/kiKHPI15SUXgwfIWWGwl81
- Static task: static1
Malware Config
- Extracted: redline, sony, 193.233.20.33:4125, auth_value 1d93d1744381eeb4fcfd7c23ffe0f0b4
- Extracted: redline, fort, 193.233.20.33:4125, auth_value 5ea5673154a804d8c80f565f7276f720
- Extracted: amadey, 3.68, 62.204.41.87/joomla/index.php
- Extracted: redline, 66.42.108.195:40499, auth_value f93019ca42e7f9440be3a7ee1ebc636d
- Extracted: aurora, 212.87.204.93:8081
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.