General
- Target: 2be58da3236d979e3a993f89211dc272a4f9dcc4b32618bd7bf411bbd4f8a5a0
- Size: 1.0MB
- Sample: 230326-e9dh7sfe44
- MD5: d8c6359a610074a015bfa40cab0e2ceb
- SHA1: 748be23f892780a05aac2434e1485c4d37c3e484
- SHA256: 2be58da3236d979e3a993f89211dc272a4f9dcc4b32618bd7bf411bbd4f8a5a0
- SHA512: 42a08fc2fbeb412379a7649a3600f37b2b3c2ef0ccbf7cf3f710865c67f46497f86ff4b662f71090996ecb26e2d38eb37cd97d7e867c2b943df888b6a70f6d2c
- SSDEEP: 24576:2yDHB596MCqBg10TKLTIvayN1gI9oJ9v:FDYMCUgiTKU1b9oJ9
Static task: static1
Malware Config
- Extracted: redline
  boris
  193.233.20.32:4125
  auth_value: 766b5bdf6dbefcf7ca223351952fc38f
- Extracted: redline
  netu
  193.233.20.32:4125
  auth_value: 9641925ae487005582b5cf30476dd305
- Extracted: amadey
  3.68
  62.204.41.87/joomla/index.php
Targets
- Target: 2be58da3236d979e3a993f89211dc272a4f9dcc4b32618bd7bf411bbd4f8a5a0
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.