General
Target: 96154f151072d84967e8aa59f8c01380abb31bd855a884c3bc843144fc80aefd
Size: 1001KB
Sample: 230331-t67p7sbg24
MD5: a8aae1b607b70a7e8ca305ac21171bd1
SHA1: 45e95d3c86b7dd0fc4042065786ce9621918ac2d
SHA256: 96154f151072d84967e8aa59f8c01380abb31bd855a884c3bc843144fc80aefd
SHA512: 1702ef2a4d7acafe1cd133ff4414f460e6e6e6629373ce0ca207c71bec6e27d1b8b50d920627136e32043580ce8b28f1fac1fc98c15f44115da437157e3e59b0
SSDEEP: 24576:1yqofKqUIQCrBJ7q/kOyolT75gy09Jm3H6:QfCqoCrBZijay0rm3H
Static task
static1

Malware Config
Extracted (redline):
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted (redline):
lift
176.113.115.145:4125
auth_value: 94f33c242a83de9dcc729e29ec435dfb

Extracted (amadey):
3.69
193.233.20.36/joomla/index.php
Targets
Target: 96154f151072d84967e8aa59f8c01380abb31bd855a884c3bc843144fc80aefd
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Downloads MZ/PE file
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.