General
- Target: 71e98d3db312853e96c8e7a372dc3e2d9315842b68425286ad9072f474b1e1fa
- Size: 1.0MB
- Sample: 230328-gss9faba6t
- MD5: 9a95ac594b53729fdf45773de79b15c7
- SHA1: c4f6baa07febaa1b9b28b581302684732246e7ba
- SHA256: 71e98d3db312853e96c8e7a372dc3e2d9315842b68425286ad9072f474b1e1fa
- SHA512: a6e62e6a8fc21b60423a90aec170acf88ac96d9e0fd33e2b2644479aa025d8a5f4df7b44b09332f698c506d2529bab5515670012147dc14a339f9356297023f9
- SSDEEP: 12288:RMruy90xFuOnzyUR3LW7JSdK0adQziL392RiNs69L8GqSuKz3y4Ogr/bzZGlrHz+:zymFuOzx3GOziDIN69L8zSuy3FDzZ8a
- Static task: static1
Malware Config
- Extracted: redline, rosn, 176.113.115.145:4125, auth_value 050a19e1db4d0024b0f23b37dcf961f4
- Extracted: redline, renta, 176.113.115.145:4125, auth_value 359596fd5b36e9925ade4d9a1846bafb
- Extracted: amadey, 3.68, 31.41.244.200/games/category/index.php
Targets
- Target: 71e98d3db312853e96c8e7a372dc3e2d9315842b68425286ad9072f474b1e1fa
- Size: 1.0MB
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.