General
Target: 7b1ed1c1a41f8f6095c82970b88c033d7dfdd38c676b606bf7c5fca61290ebea
Size: 1.0MB
Sample: 230326-c12hkahc3x
MD5: 6d4ac7152fc035a051b84925efaf0cae
SHA1: 60c4ba7a3ed47b038d3edeec841b3d69112d5d3d
SHA256: 7b1ed1c1a41f8f6095c82970b88c033d7dfdd38c676b606bf7c5fca61290ebea
SHA512: 6ed35969fe2d11ab296f1dfa675e4eddd75dacb4da0466f3450105fe9bebc9fe0ebd3b1d281b6e90b418d77bac6c3e4432f8137d5b4fb1018aa5739974c780c9
SSDEEP: 24576:dyWub1rdPy4PQhhhlCpw1+f8FXM3NoTtMIC6YC0atonH1kNqXZ:4WO1rd9Q7hlCpO+fgMcC7CTSVk
Static task: static1
Malware Config
Extracted: redline
  Botnet: boris
  C2: 193.233.20.32:4125
  auth_value: 766b5bdf6dbefcf7ca223351952fc38f
Extracted: redline
  Botnet: netu
  C2: 193.233.20.32:4125
  auth_value: 9641925ae487005582b5cf30476dd305
Extracted: amadey
  Version: 3.68
  C2: 62.204.41.87/joomla/index.php
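The extracted configuration is the most directly actionable part of this report: the two RedLine botnets share one raw-TCP C2, and the Amadey loader reports to an HTTP panel path on a second host. The following is an added example (not Triage's code and not anything recovered from the sample) that turns those config values into network indicators and scans connection records for them. The C2 strings are copied from the report; the log records are constructed for illustration, and their field names (ts, src, dst_ip, dst_port, uri) are assumed, loosely modelled on Zeek conn/http logs.

```python
"""Turn the extracted RedLine/Amadey configuration into network indicators
and scan connection-log records for them.

Added example, not Triage's code or anything from the sample itself. The C2
values are copied from the report; the log records are constructed, and
their field names are assumed (loosely modelled on Zeek conn/http logs).
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# Configuration values exactly as reported in the sandbox extraction.
EXTRACTED_CONFIGS = [
    {"family": "redline", "botnet": "boris", "c2": "193.233.20.32:4125"},
    {"family": "redline", "botnet": "netu", "c2": "193.233.20.32:4125"},
    {"family": "amadey", "version": "3.68", "c2": "62.204.41.87/joomla/index.php"},
]


@dataclass(frozen=True)
class Indicator:
    family: str
    ip: str
    port: Optional[int]   # None when the config carries no port (Amadey: plain HTTP)
    path: Optional[str]   # HTTP panel path for Amadey, None for RedLine's raw TCP C2


def parse_c2(entry: dict) -> Indicator:
    """Derive one Indicator from an extracted config entry.

    RedLine C2 strings are host:port (raw TCP). Amadey C2 strings are an
    HTTP host plus panel path without a scheme, so one is prepended for
    urlsplit. A non-IP host raises instead of being silently accepted.
    """
    c2 = entry["c2"]
    if "/" in c2:
        parts = urlsplit("http://" + c2)
        ip, port, path = parts.hostname, parts.port, parts.path
    else:
        ip, _, port_str = c2.rpartition(":")
        port, path = int(port_str), None
    ipaddress.ip_address(ip)  # raises ValueError for a hostname
    return Indicator(entry["family"], ip, port, path)


def indicators() -> list:
    """Unique indicators; the two RedLine botnets share a C2 and collapse to one."""
    return sorted({parse_c2(e) for e in EXTRACTED_CONFIGS},
                  key=lambda i: (i.family, i.ip))


def match_records(inds, records) -> list:
    """Return (record, indicator) pairs for records that touch a known C2.

    RedLine matches on destination IP and port. Amadey matches on
    destination IP plus the exact panel path from the HTTP request, so
    unrelated traffic to a shared host is not flagged.
    """
    hits = []
    for rec in records:
        for ind in inds:
            if rec["dst_ip"] != ind.ip:
                continue
            if ind.path is not None:
                if rec.get("uri") == ind.path:
                    hits.append((rec, ind))
            elif rec["dst_port"] == ind.port:
                hits.append((rec, ind))
    return hits


# Constructed records: one RedLine check-in, one Amadey check-in, and two
# connections to the same hosts that must not match.
SAMPLE_RECORDS = [
    {"ts": "2023-03-26T01:12:04Z", "src": "10.0.0.15", "dst_ip": "193.233.20.32", "dst_port": 4125},
    {"ts": "2023-03-26T01:12:09Z", "src": "10.0.0.15", "dst_ip": "62.204.41.87", "dst_port": 80, "uri": "/joomla/index.php"},
    {"ts": "2023-03-26T01:12:11Z", "src": "10.0.0.15", "dst_ip": "62.204.41.87", "dst_port": 80, "uri": "/robots.txt"},
    {"ts": "2023-03-26T01:12:15Z", "src": "10.0.0.15", "dst_ip": "193.233.20.32", "dst_port": 443},
]


def scan(records=SAMPLE_RECORDS) -> list:
    return match_records(indicators(), records)


if __name__ == "__main__":
    for rec, ind in scan():
        print(f"{rec['ts']} {rec['src']} -> {ind.ip}:{rec['dst_port']} matched {ind.family} C2")
```

Matching Amadey on the panel path rather than on the bare IP matters in practice: loader panels are often hosted alongside unrelated content, and a bare-IP rule would also fire on the benign /robots.txt fetch in the sample records. The auth_value strings in the config identify the RedLine build to its panel and are not network observables, so they are deliberately not turned into indicators here.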
Targets
Target: 7b1ed1c1a41f8f6095c82970b88c033d7dfdd38c676b606bf7c5fca61290ebea (1.0MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Family: RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software on the system.
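Each of the behavioural signatures above is a pattern over the sample's API activity, and the two "dropped" signatures are stateful: executing or loading a file only counts once the sample has been seen writing that file. The following is an added example (not Triage's signature code) that re-implements the six signatures as checks over a process API trace. The trace is constructed in the style of a sandbox API log and its shape (one dict per call with an api name and a few arguments) is assumed. The registry paths each check keys on are my reading of the report's descriptions, and the country-code location (Control Panel\International\Geo, value Nation) and the wallet directory names are assumptions, not facts from the report.

```python
"""Re-implement the behavioural signatures from the report as checks over a
process API trace.

Added example, not Triage's signature code. The trace is constructed in the
style of a sandbox API log; its shape is assumed. The registry paths and the
wallet directory names below are assumptions drawn from the signature
descriptions, not from the report.
"""
import re

# Registry locations the signature descriptions point at (assumed).
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo$", re.I)
UNINSTALL_KEY = re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.I)
RUN_KEY = re.compile(r"\\CurrentVersion\\Run$", re.I)
# Wallet directories commonly targeted by stealers (assumed list).
WALLET_PATH = re.compile(r"\\(Electrum|Exodus|Ethereum|Bitcoin)\\", re.I)

SIG_GEO = "Checks computer location settings"
SIG_EXEC = "Executes dropped EXE"
SIG_LOAD = "Loads dropped DLL"
SIG_WALLET = "Accesses cryptocurrency files/wallets, possible credential harvesting"
SIG_RUN = "Adds Run key to start application"
SIG_SOFT = "Checks installed software on the system"
REPORTED_SIGNATURES = [SIG_GEO, SIG_EXEC, SIG_LOAD, SIG_WALLET, SIG_RUN, SIG_SOFT]


def evaluate(trace):
    """Walk the trace once; return {signature: [triggering events]}.

    "Dropped" means a .exe/.dll the traced process wrote itself, so running
    or loading one is only flagged after the corresponding write was seen.
    """
    dropped = set()   # lower-cased paths of binaries the sample wrote
    hits = {}

    def hit(name, ev):
        hits.setdefault(name, []).append(ev)

    for ev in trace:
        api = ev["api"]
        if api == "CreateFileW":
            path = ev["path"]
            if ev.get("access") == "write" and path.lower().endswith((".exe", ".dll")):
                dropped.add(path.lower())
            if WALLET_PATH.search(path):
                hit(SIG_WALLET, ev)
        elif api == "CreateProcessW" and ev["image"].lower() in dropped:
            hit(SIG_EXEC, ev)
        elif api == "LoadLibraryW" and ev["path"].lower() in dropped:
            hit(SIG_LOAD, ev)
        elif (api == "RegQueryValueExW" and GEO_KEY.search(ev["key"])
              and ev.get("value", "").lower() == "nation"):
            hit(SIG_GEO, ev)
        elif api == "RegEnumKeyExW" and UNINSTALL_KEY.search(ev["key"]):
            hit(SIG_SOFT, ev)
        elif api == "RegSetValueExW" and RUN_KEY.search(ev["key"]):
            hit(SIG_RUN, ev)
    return hits


def missing(trace):
    """Reported signatures that the trace does not reproduce."""
    seen = evaluate(trace)
    return [s for s in REPORTED_SIGNATURES if s not in seen]


# Constructed trace covering all six signatures plus two benign calls
# (a system binary launch and an ordinary document read) that must not fire.
SAMPLE_TRACE = [
    {"api": "RegOpenKeyExW", "key": r"HKCU\Control Panel\International\Geo"},
    {"api": "RegQueryValueExW", "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    {"api": "RegEnumKeyExW", "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"api": "CreateFileW", "path": r"C:\Users\user\AppData\Local\Temp\1234.exe", "access": "write"},
    {"api": "CreateProcessW", "image": r"C:\Users\user\AppData\Local\Temp\1234.exe"},
    {"api": "CreateProcessW", "image": r"C:\Windows\System32\cmd.exe"},
    {"api": "CreateFileW", "path": r"C:\Users\user\AppData\Local\Temp\sqlite.dll", "access": "write"},
    {"api": "LoadLibraryW", "path": r"C:\Users\user\AppData\Local\Temp\sqlite.dll"},
    {"api": "RegSetValueExW", "key": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "value": "1234"},
    {"api": "CreateFileW", "path": r"C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\seed.seco", "access": "read"},
    {"api": "CreateFileW", "path": r"C:\Users\user\Documents\notes.txt", "access": "read"},
]


if __name__ == "__main__":
    for name, events in evaluate(SAMPLE_TRACE).items():
        print(f"{name}: {len(events)} event(s)")
    print("not reproduced:", missing(SAMPLE_TRACE))
```

The country-code and Uninstall checks are registry reads, which is why the example models a hooked API trace rather than Sysmon telemetry: Sysmon records key creation and value writes (the Run-key signature would surface there as an Event ID 13) but not RegQueryValueEx or RegEnumKeyEx calls, so on a production endpoint only the persistence, dropped-binary and wallet-access signatures map onto commonly available events.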