General

Target: 690757d17926cf1303246e5bc39b755143cbaeed10d11caf04a4bffbc91fd4d8
Size: 1004KB
Sample: 230328-evknzagh54
MD5: 90ea4b12228977dc872ea1efe1ea50cc
SHA1: 91ac74138528717e855a2d75d987e134d7dd3646
SHA256: 690757d17926cf1303246e5bc39b755143cbaeed10d11caf04a4bffbc91fd4d8
SHA512: 9fd4d58a6314e442d712ed5fa41eba716b316b5e83fd8930546b52aa4339a9e7d86814c3874c014425e7fd725785f8af00bb1febce7ae367d716d82eb5dcad74
SSDEEP: 12288:3Mrly90JImIxFvhFkbn72BMT5yYq/EUh94cQcC5v3aKFmJ5vo7infiPN73a2mhsQ:2yFmg+AMlmhsh3aymJ5UinaPNja11v

Static task: static1

Malware Config

Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
Attributes:
  auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted
Family: redline
Botnet: renta
C2: 176.113.115.145:4125
Attributes:
  auth_value: 359596fd5b36e9925ade4d9a1846bafb

Extracted
Family: amadey
Version: 3.68
C2: 31.41.244.200/games/category/index.php

Note: the two RedLine configs share one C2 endpoint and differ only in botnet tag and auth_value; Amadey is a separate loader family with its own C2 URL, so the network indicators from this run cover two distinct hosts.
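As an added example (not part of the sandbox report and not vendor or project code), the script below turns the extracted configuration above into network indicators and sweeps log lines for them. The C2 values, botnet tags and auth_values are the report's own, embedded as text in the unlabelled family / botnet / C2 / attribute order; the proxy and connection-log lines, their field layout and the client addresses in them are constructed for the demonstration.

```python
"""Turn extracted RedLine / Amadey config into C2 indicators and sweep logs.

Added example for this report; not sandbox or vendor code. The config values
are the report's own, embedded as text. The log lines are constructed.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

EXTRACTED_CONFIG = """
Extracted
redline
rosn
176.113.115.145:4125
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
renta
176.113.115.145:4125
auth_value
359596fd5b36e9925ade4d9a1846bafb
Extracted
amadey
3.68
31.41.244.200/games/category/index.php
"""

# ip[:port][/path]; the bare "3.68" version string has only two octets and
# therefore does not match.
C2_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})(?::(\d{1,5}))?(/\S*)?$")


@dataclass(frozen=True)
class C2Indicator:
    family: str
    host: str
    port: Optional[int]   # None when the config gives only a URL
    path: Optional[str]   # None for raw host:port C2s


def parse_indicators(text: str) -> List[C2Indicator]:
    """The line after each 'Extracted' is the family; any later line in that
    block shaped like ip[:port][/path] is a C2 endpoint."""
    out: List[C2Indicator] = []
    family: Optional[str] = None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line == "Extracted":
            family = None
            continue
        if family is None:
            family = line
            continue
        m = C2_RE.match(line)
        if m:
            host, port, path = m.groups()
            out.append(C2Indicator(family, host, int(port) if port else None, path))
    return out


def unique_endpoints(indicators) -> set:
    """Collapse indicators to distinct network endpoints for blocking."""
    return {(i.host, i.port, i.path) for i in indicators}


# Constructed: a Squid-style proxy line, a Zeek-style conn line, and noise.
SAMPLE_LOGS = [
    "1679990000.123 45 10.0.0.7 TCP_MISS/200 512 POST http://31.41.244.200/games/category/index.php - HIER_DIRECT/31.41.244.200 text/html",
    "1679990001.500 CabcD1 10.0.0.7 51234 176.113.115.145 4125 tcp - 3.2 1024 4096 SF",
    "1679990002.000 12 10.0.0.9 TCP_MISS/200 2048 GET http://example.com/index.php - HIER_DIRECT/93.184.216.34 text/html",
    "1679990003.000 CdefG2 10.0.0.9 51300 176.113.115.145 443 tcp - 0.5 10 20 SF",
]


def match_logs(lines, indicators) -> List[Tuple[str, C2Indicator]]:
    """URL-style C2s match on host+path; host:port C2s require the port token
    to directly follow the host token, so other traffic to a shared IP (or a
    coincidental number elsewhere on the line) is not flagged."""
    hits = []
    for ln in lines:
        toks = re.split(r"[\s:/]+", ln)
        for ind in indicators:
            if ind.path is not None:
                matched = f"{ind.host}{ind.path}" in ln
            else:
                matched = any(
                    t == ind.host and i + 1 < len(toks) and toks[i + 1] == str(ind.port)
                    for i, t in enumerate(toks))
            if matched:
                hits.append((ln, ind))
                break
    return hits


if __name__ == "__main__":
    inds = parse_indicators(EXTRACTED_CONFIG)
    for ln, ind in match_logs(SAMPLE_LOGS, inds):
        print(f"[{ind.family}] {ind.host}:{ind.port or ''}{ind.path or ''} <- {ln}")
```

The port-adjacency rule matters here: 176.113.115.145 on a different port is not evidence of this RedLine build, and an auth_value never appears on the wire in a proxy log, so only the C2 endpoints are used for matching.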

Targets

Target: 690757d17926cf1303246e5bc39b755143cbaeed10d11caf04a4bffbc91fd4d8
Size: 1004KB
Hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): identical to the values listed under General.

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
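The "Adds Run key to start application" and "Executes dropped EXE" behaviours listed above are the host-side pair most worth alerting on. As an added example (not part of the sandbox report), the detector below scans Sysmon-style registry value-set records (Event ID 13) and flags Run/RunOnce entries whose value points at an executable under a user-writable drop location, weighting the hit further when the writing process itself runs from such a location. The record format, the drop directories, the file names and the SIDs are constructed assumptions for the demonstration, not data from the sandbox run.

```python
"""Flag Run-key autostarts that point at dropped executables.

Added example for this report; not sandbox or vendor code. Event format,
paths and names below are constructed for the demo.
"""
import re
from typing import Dict, List

# HKLM/HKU ...\Microsoft\Windows\CurrentVersion\Run or RunOnce.
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)

# User-writable locations a dropper typically writes its second stage to
# (assumed list; extend for the estate being monitored).
DROP_DIR_RE = re.compile(
    r"(?:\\Users\\[^\\]+\\AppData\\(?:Local|Roaming)\\|\\ProgramData\\|\\Windows\\Temp\\)",
    re.IGNORECASE)

# First drive-letter path ending in an executable/script extension.
EXE_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|scr|bat|cmd|vbs|js)\b", re.IGNORECASE)


def parse_event(line: str) -> Dict[str, str]:
    """Constructed flat format: 'key=value | key=value | ...'."""
    return dict(kv.split("=", 1) for kv in line.split(" | "))


# Constructed Sysmon-like Event ID 13 records: one dropper persisting a
# second stage from AppData, one benign vendor installer, one unrelated
# value write, and a RunOnce entry pointing into ProgramData.
SAMPLE_EVENTS = [
    r"EventID=13 | Image=C:\Users\victim\AppData\Local\Temp\IXP000.TMP\dropper.exe | TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\updater | Details=C:\Users\victim\AppData\Roaming\updater.exe",
    r"EventID=13 | Image=C:\Program Files\Vendor\setup.exe | TargetObject=HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VendorAgent | Details=C:\Program Files\Vendor\agent.exe /background",
    r"EventID=13 | Image=C:\Users\victim\AppData\Local\Temp\dropper.exe | TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden | Details=DWORD (0x00000002)",
    r"EventID=13 | Image=C:\Windows\System32\svchost.exe | TargetObject=HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\Cleanup | Details=C:\ProgramData\cleanup.bat",
]


def detect_run_key_autostart(lines: List[str]) -> List[Dict[str, object]]:
    """Return one finding per Run/RunOnce value whose target, or whose writer,
    lives in a drop location. Vendor software persisting from Program Files
    produces no finding, which keeps the rule quiet on normal installs."""
    findings: List[Dict[str, object]] = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("EventID") != "13":
            continue
        target = ev.get("TargetObject", "")
        if not RUN_KEY_RE.search(target):
            continue
        m = EXE_RE.search(ev.get("Details", ""))
        if not m:
            continue
        payload = m.group(0)
        writer = ev.get("Image", "")
        reasons = []
        if DROP_DIR_RE.search(payload):
            reasons.append("autostart target in user-writable drop location")
        if DROP_DIR_RE.search(writer):
            reasons.append("written by process running from drop location")
        if reasons:
            findings.append({"key": target, "payload": payload,
                             "writer": writer, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in detect_run_key_autostart(SAMPLE_EVENTS):
        print(f["key"], "->", f["payload"], ";", "; ".join(f["reasons"]))
```

Both reasons firing on one record (a Temp-resident dropper registering an AppData payload) is the shape that matches this report's signature pair; a single reason is a lower-confidence hit that still deserves a look at the referenced file.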