General
Target: c68792864187a79d461829cc1fa3784268cf928a5eeba480d0c8b95fdf72185a
Size: 1.0MB
Sample: 230328-p32bssbb26
MD5: dbf60c44f65f2275337509b71e7e32a6
SHA1: 08502a83a3b13cd69dd689edad7cd7930d598b68
SHA256: c68792864187a79d461829cc1fa3784268cf928a5eeba480d0c8b95fdf72185a
SHA512: eae8af83a603be8b892476aa8d4bc0c58b27d35e9c5727e58545ab3d09c0127478375bde537a7f930be4794cf1d11dd5369ec94f6bd3d2fff8081f24ff71cd99
SSDEEP: 24576:TywW7xzvBUd/x38ntRSQCykOCa1+v/Doy8Vnu0fS/Pe:mwk5c38KHOw70hfSn
Static task: static1
Malware Config

Extracted: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted: redline
Botnet: luza
C2: 176.113.115.145:4125
auth_value: 1261701914d508e02e8b4f25d38bc7f9

Extracted: amadey
Version: 3.68
C2: 31.41.244.200/games/category/index.php
Targets

Target: c68792864187a79d461829cc1fa3784268cf928a5eeba480d0c8b95fdf72185a
Size: 1.0MB
MD5: dbf60c44f65f2275337509b71e7e32a6
SHA1: 08502a83a3b13cd69dd689edad7cd7930d598b68
SHA256: c68792864187a79d461829cc1fa3784268cf928a5eeba480d0c8b95fdf72185a
SHA512: eae8af83a603be8b892476aa8d4bc0c58b27d35e9c5727e58545ab3d09c0127478375bde537a7f930be4794cf1d11dd5369ec94f6bd3d2fff8081f24ff71cd99
SSDEEP: 24576:TywW7xzvBUd/x38ntRSQCykOCa1+v/Doy8Vnu0fS/Pe:mwk5c38KHOw70hfSn

- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.