General
Target: de084439e439f5dad018a1fe9f155271ee032dab8bb5ae7aee444ffa33911c63
Size: 1.0MB
Sample: 230326-c6x3bshc4v
MD5: 61fb5485b9a551bb0708835a338f0f61
SHA1: 339ebec65eee497d0a21f15bc2a8b286423c7daa
SHA256: de084439e439f5dad018a1fe9f155271ee032dab8bb5ae7aee444ffa33911c63
SHA512: 2ce66e22cab6250d100e01f84216b4d4e4d1f48b7629766c6228fa4c232910b27210bea0adf903af2a9591f54fbee0c2b53564d81b844d45e8103e499737f7fc
SSDEEP: 12288:kMrFy90lPGxfMhOdFl6eZnUyNWydH6qioRV4ytiwj/+7cI/NP7FDzHz5dfTdQrZ:xyq+VB5ZUgWCH6qFooR/+7nJh3jCVA
Static task: static1
Malware Config
Extracted: redline
- boris
- 193.233.20.32:4125
- auth_value: 766b5bdf6dbefcf7ca223351952fc38f
Extracted: redline
- netu
- 193.233.20.32:4125
- auth_value: 9641925ae487005582b5cf30476dd305
Extracted: amadey
- 3.68
- 62.204.41.87/joomla/index.php
Targets
Target: de084439e439f5dad018a1fe9f155271ee032dab8bb5ae7aee444ffa33911c63
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.