General
Target: f9081ce8e999f24b11ab1c41c878ddf16cbe717890e7a914a59049f4178faf35
Size: 1001KB
Sample: 230331-zbnlqsee8v
MD5: 38055e9a229d0b28053e3ece395f3dbe
SHA1: c963d80560bda551a61bf9bf4341c951ab636974
SHA256: f9081ce8e999f24b11ab1c41c878ddf16cbe717890e7a914a59049f4178faf35
SHA512: 004fceb69eda022ff75551f50d2d9568f143e2ac5d2a5166820d8fa6347fd3dd3c99f85827175d6c18baf0f3cb62e148c50087dbe4501d5bc7bd3a0517ffe227
SSDEEP: 24576:+y1vHx1gbdJUOVKvd2QK/V0kpiA3bb2pB4DhLaBER9rR:N1vHx1gbdJpm2QK/u8P2n4DhzLr
Static task: static1
Malware Config
Extracted: redline
- Botnet: rosn
- C2: 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
- Botnet: lift
- C2: 176.113.115.145:4125
- auth_value: 94f33c242a83de9dcc729e29ec435dfb
Extracted: amadey
- Version: 3.69
- C2: 193.233.20.36/joomla/index.php
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Signatures
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.