General
- Target: 14dd51e7965e3cb32f8991f9e8b75339b8e73074bce15bdecb3f683383b876cc
- Size: 1002KB
- Sample: 230331-x95lsseb8z
- MD5: 1b7e8091aae6160e381192dafffe560c
- SHA1: 214c4857f13a95f46b475e7623cab56977081241
- SHA256: 14dd51e7965e3cb32f8991f9e8b75339b8e73074bce15bdecb3f683383b876cc
- SHA512: 2bb8d8c4771d0f22001c1013f8386e40dbbc3b3278f872d7d7d6f4324a982a3ab25b41f1fb94d0a61ceb100bd33f76ffa924c957cff9fbac233b8853d11444d5
- SSDEEP: 24576:oybN6Xc40UdqVabwRsx3xdep1Pt5b929HYl:vbN6Xc40Duw+xxCF5JM4
Static task: static1

Malware Config
- Extracted: redline, rosn, 176.113.115.145:4125, auth_value 050a19e1db4d0024b0f23b37dcf961f4
- Extracted: redline, lift, 176.113.115.145:4125, auth_value 94f33c242a83de9dcc729e29ec435dfb
- Extracted: amadey, 3.69, 193.233.20.36/joomla/index.php
Targets
- Target: 14dd51e7965e3cb32f8991f9e8b75339b8e73074bce15bdecb3f683383b876cc (same file as in General above; size and hashes identical)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.