General
Target: bfa9dd09707ce0d36d832e6d203b606784cb7486ed71d72a8cd4157b5ede9814
Size: 1000KB
Sample: 230331-xgs3asce77
MD5: 37b7b8be058255271859d1b0a9448d3b
SHA1: 6b68f5af203811eec29f70899cd621b8d13fccde
SHA256: bfa9dd09707ce0d36d832e6d203b606784cb7486ed71d72a8cd4157b5ede9814
SHA512: c9e58dea8a586ce176a3035bf2fde8820b74b46355fac5992981c2f02ee3db7d79a6f719b269a1bad3bb80dc8f876ca8525569a6520f7521a37911093334a8c6
SSDEEP: 24576:KyGIT9cpCb0aCayzr6e03xqo0h/mMwF6H13Hpj4X:RGQb0aCay/6e0BsddwoVHpj4
Static task: static1
Malware Config
Extracted: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
lift
176.113.115.145:4125
auth_value: 94f33c242a83de9dcc729e29ec435dfb
Extracted: amadey
3.69
193.233.20.36/joomla/index.php
Targets
Target: bfa9dd09707ce0d36d832e6d203b606784cb7486ed71d72a8cd4157b5ede9814
Size: 1000KB
MD5: 37b7b8be058255271859d1b0a9448d3b
SHA1: 6b68f5af203811eec29f70899cd621b8d13fccde
SHA256: bfa9dd09707ce0d36d832e6d203b606784cb7486ed71d72a8cd4157b5ede9814
SHA512: c9e58dea8a586ce176a3035bf2fde8820b74b46355fac5992981c2f02ee3db7d79a6f719b269a1bad3bb80dc8f876ca8525569a6520f7521a37911093334a8c6
SSDEEP: 24576:KyGIT9cpCb0aCayzr6e03xqo0h/mMwF6H13Hpj4X:RGQb0aCay/6e0BsddwoVHpj4
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.