General
-
Target
7bce573b4a26ff2969a41cdb8729a3c2b9fb7c0dbcf37a087819ee8167fddfd7
-
Size
1.0MB
-
Sample
230328-2mxd5afd6v
-
MD5
3aed4bebfea05959d227624e9c361cd3
-
SHA1
5ad22af896d902f54f82709c9e3aaffcbb113e01
-
SHA256
7bce573b4a26ff2969a41cdb8729a3c2b9fb7c0dbcf37a087819ee8167fddfd7
-
SHA512
c6e9246d76112c3d013219edde4ede8626dd6aec82215ea59ca7204d232301b04079b54f8cf366493a501db5cd5516dee4aa825377057dbf8e529ca71888a2d3
-
SSDEEP
24576:vy/Fc/l/HBmjdGrsuqVoipunmjPtgW3dVofkPkZcQ:6/ilkIYpunOj3LofkT
Static task
static1
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
nado
176.113.115.145:4125
-
auth_value
a648e365d8e0df895a84152ad68ffc56
Extracted
amadey
3.68
62.204.41.87/joomla/index.php
Extracted
aurora
212.87.204.93:8081
Targets
-
-
Target
7bce573b4a26ff2969a41cdb8729a3c2b9fb7c0dbcf37a087819ee8167fddfd7
-
Size
1.0MB
-
MD5
3aed4bebfea05959d227624e9c361cd3
-
SHA1
5ad22af896d902f54f82709c9e3aaffcbb113e01
-
SHA256
7bce573b4a26ff2969a41cdb8729a3c2b9fb7c0dbcf37a087819ee8167fddfd7
-
SHA512
c6e9246d76112c3d013219edde4ede8626dd6aec82215ea59ca7204d232301b04079b54f8cf366493a501db5cd5516dee4aa825377057dbf8e529ca71888a2d3
-
SSDEEP
24576:vy/Fc/l/HBmjdGrsuqVoipunmjPtgW3dVofkPkZcQ:6/ilkIYpunOj3LofkT
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-