General
- Target: 4867365e5662d18ff0c1a414b74b9fc2adb852b48ce523d4497f104f02e4d84f
- Size: 1.0MB
- Sample: 230328-12vy6sdf25
- MD5: 42eb4a66e56b8abe59f7b36b9f07b980
- SHA1: 713434c55941db92804d2f3193e27bbe5c4eb99f
- SHA256: 4867365e5662d18ff0c1a414b74b9fc2adb852b48ce523d4497f104f02e4d84f
- SHA512: 61e5aadc99274f7671c9793e079ea5e6f6cb2bc791c9be26111307205f49430f0f4766032882c424df3cf60dadb1fa551ebfc09b5310ff57f0f7a1be2a1e8a64
- SSDEEP: 24576:ByHU7pdBF4/hZsATtC/DT0+eiDDVzvDgEXzD3o:0eTGhZxTtCreoJvDgEjD3
Static task
static1
Malware Config
- Extracted: redline
  rosn
  176.113.115.145:4125
  auth_value: 050a19e1db4d0024b0f23b37dcf961f4
- Extracted: redline
  nado
  176.113.115.145:4125
  auth_value: a648e365d8e0df895a84152ad68ffc56
- Extracted: amadey
  3.68
  62.204.41.87/joomla/index.php
- Extracted: aurora
  212.87.204.93:8081
Targets
- Target: 4867365e5662d18ff0c1a414b74b9fc2adb852b48ce523d4497f104f02e4d84f
  - Size: 1.0MB
  - MD5: 42eb4a66e56b8abe59f7b36b9f07b980
  - SHA1: 713434c55941db92804d2f3193e27bbe5c4eb99f
  - SHA256: 4867365e5662d18ff0c1a414b74b9fc2adb852b48ce523d4497f104f02e4d84f
  - SHA512: 61e5aadc99274f7671c9793e079ea5e6f6cb2bc791c9be26111307205f49430f0f4766032882c424df3cf60dadb1fa551ebfc09b5310ff57f0f7a1be2a1e8a64
  - SSDEEP: 24576:ByHU7pdBF4/hZsATtC/DT0+eiDDVzvDgEXzD3o:0eTGhZxTtCreoJvDgEjD3
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.