General
- Target: b5558b7cac57f508a30b610d268279e195f9734ebdba084fda5059af2b41505b
- Size: 1.0MB
- Sample: 230326-lfcs5sga94
- MD5: 656c0b4b40d3739957e98136be25a2d5
- SHA1: 23c359586d09a6877bdd1d422816a486fc6266a4
- SHA256: b5558b7cac57f508a30b610d268279e195f9734ebdba084fda5059af2b41505b
- SHA512: 9af0d21cfddb861e6b713cb2b96ea13c27e8662bf882777682a025c224d092b9047ee166d1333e85bfa29381a733d799e9e9d06dacca59c45b4f778465802e08
- SSDEEP: 24576:9y3Uh3U2nC+5DcNZkrpEK9dvNumsM1cevMcw6Sg1:Y3ahCIBp/rvE61dvMcw6N
- Static task: static1
Malware Config
- Extracted: redline
  boris
  193.233.20.32:4125
  auth_value: 766b5bdf6dbefcf7ca223351952fc38f
- Extracted: redline
  netu
  193.233.20.32:4125
  auth_value: 9641925ae487005582b5cf30476dd305
- Extracted: amadey
  3.68
  62.204.41.87/joomla/index.php
Targets
- Target: b5558b7cac57f508a30b610d268279e195f9734ebdba084fda5059af2b41505b
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.