General
Target: e2bff9535f98e86aa31d1da98a397c9a48475c9707d0008dc7dcde54c520ec42
Size: 1.0MB
Sample: 230328-m8nlsaaf33
MD5: 0177bc164d932bffd59b5617c7243620
SHA1: 35d3a693f4694d1afb2e911ae97a07139d4b6cf1
SHA256: e2bff9535f98e86aa31d1da98a397c9a48475c9707d0008dc7dcde54c520ec42
SHA512: d461554be0024692116788a2d4b5b85bfff82e48d874a2567dbd086d2f990cba49d94f0d12faebbda391a3f48810e11344b9f058962ca92b973770ffe7a6cb31
SSDEEP: 24576:cyCJUxihj3OUkkOTfeJeD4qH53xC+U2WjSzEbOB996Lc2NBLb6vR:LCgeevJTAs4g53xLU2rgbOvIA
Static task: static1
Malware Config
Extracted: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
luza
176.113.115.145:4125
auth_value: 1261701914d508e02e8b4f25d38bc7f9
Extracted: amadey
3.68
31.41.244.200/games/category/index.php
Targets
Target: e2bff9535f98e86aa31d1da98a397c9a48475c9707d0008dc7dcde54c520ec42
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.