General
- Target: 8305b396b07c32c048c5dc357f1431c2e3860c85e238dfe3fc1bcd08094a201a
- Size: 991KB
- Sample: 230331-w6zqpsce22
- MD5: c854d35cb04b383391535ed9b5c1a48c
- SHA1: 685f5ba6f196d28295141eef978b0bcecc43b7ca
- SHA256: 8305b396b07c32c048c5dc357f1431c2e3860c85e238dfe3fc1bcd08094a201a
- SHA512: 827b66c6c6dc9ef00c9a7171d2121f896207377cfde2f815ad6ad362acccf53f32b670847612019088b55632c366df9f362712ca8b6aefe2592a1cfac83100fe
- SSDEEP: 24576:HyfQg8dh1JLpXlQgxChmecCo7h5/Qi6H9cM8ZvWyUzv:SogqHlpXGgxCho7z/Qio6M8V

Static task: static1
Malware Config
- Extracted: redline
  - rosn
  - 176.113.115.145:4125
  - auth_value: 050a19e1db4d0024b0f23b37dcf961f4
- Extracted: redline
  - lift
  - 176.113.115.145:4125
  - auth_value: 94f33c242a83de9dcc729e29ec435dfb
- Extracted: amadey
  - 3.69
  - 193.233.20.36/joomla/index.php
Targets
- Target: 8305b396b07c32c048c5dc357f1431c2e3860c85e238dfe3fc1bcd08094a201a
- Size: 991KB
- MD5: c854d35cb04b383391535ed9b5c1a48c
- SHA1: 685f5ba6f196d28295141eef978b0bcecc43b7ca
- SHA256: 8305b396b07c32c048c5dc357f1431c2e3860c85e238dfe3fc1bcd08094a201a
- SHA512: 827b66c6c6dc9ef00c9a7171d2121f896207377cfde2f815ad6ad362acccf53f32b670847612019088b55632c366df9f362712ca8b6aefe2592a1cfac83100fe
- SSDEEP: 24576:HyfQg8dh1JLpXlQgxChmecCo7h5/Qi6H9cM8ZvWyUzv:SogqHlpXGgxCho7z/Qio6M8V

Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.