General
Target: 835f77632878f70e84c0cf142109b293dab739f8b54f24cb7c082b36e6d8c719
Size: 1.0MB
Sample: 230326-er9tpafd84
MD5: 10b1327e64b5325a8bfe07910a9c0be1
SHA1: eada7b3ff627cb36482f4ef57dcf9d4a123b43d5
SHA256: 835f77632878f70e84c0cf142109b293dab739f8b54f24cb7c082b36e6d8c719
SHA512: 1c3cb44e58152aa609aaa32738a0f77a68e7dca1c4229d8e97549e20463a486a0a1a736aa82744794a45e38c2c895ea8b1630c029bea6deeab4fd887348287e1
SSDEEP: 24576:YywURTOVmvTlHr34C5gVAU7/1VWKDam0ZDE0AMJX:fwYlvTlL9yVTbb9DP+Ya
Static task: static1
Malware Config

Extracted: redline
boris
193.233.20.32:4125
auth_value: 766b5bdf6dbefcf7ca223351952fc38f

Extracted: redline
netu
193.233.20.32:4125
auth_value: 9641925ae487005582b5cf30476dd305

Extracted: amadey
3.68
62.204.41.87/joomla/index.php
Targets

Target: 835f77632878f70e84c0cf142109b293dab739f8b54f24cb7c082b36e6d8c719
Size: 1.0MB
MD5: 10b1327e64b5325a8bfe07910a9c0be1
SHA1: eada7b3ff627cb36482f4ef57dcf9d4a123b43d5
SHA256: 835f77632878f70e84c0cf142109b293dab739f8b54f24cb7c082b36e6d8c719
SHA512: 1c3cb44e58152aa609aaa32738a0f77a68e7dca1c4229d8e97549e20463a486a0a1a736aa82744794a45e38c2c895ea8b1630c029bea6deeab4fd887348287e1
SSDEEP: 24576:YywURTOVmvTlHr34C5gVAU7/1VWKDam0ZDE0AMJX:fwYlvTlL9yVTbb9DP+Ya
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.