General
-
Target
e4cf4b900d9e9bbb36b9021a85218569e205e828fc541941ad66c7015517a9fa
-
Size
1.0MB
-
Sample
230331-j8l66sha34
-
MD5
d6419ebd316ead612a957f2599de1861
-
SHA1
ae1e1d43701db5029ca80a0e41064c144bde52b7
-
SHA256
e4cf4b900d9e9bbb36b9021a85218569e205e828fc541941ad66c7015517a9fa
-
SHA512
c143bca377aeaf8b427e9fc83c5cc468f15e3b6dd24370eb8f22c379ffae480405b4698a2edaa1234b2c59ee549911c79a44e2389997e1a09becfb9d625635e1
-
SSDEEP
24576:LylHwLe/lzKVsBmUmHg0wfLAktrKNPheOue:+l9dzKVDU2l2kkAPUOu
Static task
static1
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
liba
176.113.115.145:4125
-
auth_value
1a62e130767ad862d1fb9d7ab0115025
Extracted
amadey
3.69
193.233.20.36/joomla/index.php
Targets
-
-
Target
e4cf4b900d9e9bbb36b9021a85218569e205e828fc541941ad66c7015517a9fa
-
Size
1.0MB
-
MD5
d6419ebd316ead612a957f2599de1861
-
SHA1
ae1e1d43701db5029ca80a0e41064c144bde52b7
-
SHA256
e4cf4b900d9e9bbb36b9021a85218569e205e828fc541941ad66c7015517a9fa
-
SHA512
c143bca377aeaf8b427e9fc83c5cc468f15e3b6dd24370eb8f22c379ffae480405b4698a2edaa1234b2c59ee549911c79a44e2389997e1a09becfb9d625635e1
-
SSDEEP
24576:LylHwLe/lzKVsBmUmHg0wfLAktrKNPheOue:+l9dzKVDU2l2kkAPUOu
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-