General

Target: e1d7b36eb3dbaac12a6b03fcd5563ff7ef79b74dab4a0b77c1434596778376e4
Size: 1000KB
Sample: 230331-zt734aeg4w
MD5: e2c6d30f2c6de5d8f8a776db8a8e01cd
SHA1: 63382e71f2a5080518ba4fdb5abaef7dad5ee830
SHA256: e1d7b36eb3dbaac12a6b03fcd5563ff7ef79b74dab4a0b77c1434596778376e4
SHA512: f8dbca2a71b3a7289ca8aa4ef6fbc3f7c6b506760e3d7fb34e9f1fe1ebf34e21098a6ac0bddda9655fdb5a2e2ae0d0353a209652283bfc5464c4452f7c7209ef
SSDEEP: 24576:wybKc4+MnujwpszJZSV/DemR3BXFi5VO1:3inewyzXapRXFi5
Static task: static1

Malware Config

Extracted: redline
  Botnet: rosn
  C2: 176.113.115.145:4125
  auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted: redline
  Botnet: lift
  C2: 176.113.115.145:4125
  auth_value: 94f33c242a83de9dcc729e29ec435dfb

Extracted: amadey
  Version: 3.69
  C2: 193.233.20.36/joomla/index.php
Targets

Target: e1d7b36eb3dbaac12a6b03fcd5563ff7ef79b74dab4a0b77c1434596778376e4
Size: 1000KB
MD5: e2c6d30f2c6de5d8f8a776db8a8e01cd
SHA1: 63382e71f2a5080518ba4fdb5abaef7dad5ee830
SHA256: e1d7b36eb3dbaac12a6b03fcd5563ff7ef79b74dab4a0b77c1434596778376e4
SHA512: f8dbca2a71b3a7289ca8aa4ef6fbc3f7c6b506760e3d7fb34e9f1fe1ebf34e21098a6ac0bddda9655fdb5a2e2ae0d0353a209652283bfc5464c4452f7c7209ef
SSDEEP: 24576:wybKc4+MnujwpszJZSV/DemR3BXFi5VO1:3inewyzXapRXFi5

Signatures

RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.

Executes dropped EXE

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.