General
Target: 9ba3f2155cafa26f8caa043491cf85c3a62a4d706f5edcff03a3383a4582c5aa
Size: 990KB
Sample: 230401-j1v44sab9s
MD5: 64c0d37be9dcf93cf7294d7df5fcb4de
SHA1: a4a609b442d761d3dae3fd4020704ceda3133370
SHA256: 9ba3f2155cafa26f8caa043491cf85c3a62a4d706f5edcff03a3383a4582c5aa
SHA512: 4911b3bb9bc584dd737e19c96f0fb30cbd09ec92a9669b593ae8de8c5ddad2c2cfb90c0984554367e11d2ae73f9aed966778035ae0621ab5ccd297ca0d0a9533
SSDEEP: 24576:Iy9RjkdAtcP8E5pDxMCajk0IHZmpnz10WZRW:P3jkfEQHILNeWZ
Static task: static1
Malware Config
Extracted
Family: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
Family: redline
Botnet: lift
C2: 176.113.115.145:4125
auth_value: 94f33c242a83de9dcc729e29ec435dfb
Extracted
Family: amadey
Version: 3.69
C2: 193.233.20.36/joomla/index.php
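The extracted configs above give two kinds of indicator: a raw TCP C2 (both RedLine botnets, rosn and lift, share 176.113.115.145:4125) and an HTTP C2 path for Amadey (193.233.20.36/joomla/index.php), plus the sample hashes from the General section. The following is an added example, not part of the sandbox report, showing how to normalise those values into indicators and sweep log lines for them. The indicator values are copied from the report; the log lines and their three field layouts (a conn record, a proxy record, an EDR hash event) are constructed for the example and do not correspond to any particular product's format.

```python
"""Build network/file indicators from the extracted RedLine and Amadey configs
and check constructed log lines against them. Added example; the log format
and the log contents are assumptions, the indicator values are from the report."""
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Values copied from the Malware Config / General sections of the report.
EXTRACTED_CONFIGS = [
    {"family": "redline", "botnet": "rosn", "c2": "176.113.115.145:4125"},
    {"family": "redline", "botnet": "lift", "c2": "176.113.115.145:4125"},
    {"family": "amadey", "version": "3.69", "c2": "193.233.20.36/joomla/index.php"},
]
SAMPLE_HASHES = {
    "md5": "64c0d37be9dcf93cf7294d7df5fcb4de",
    "sha1": "a4a609b442d761d3dae3fd4020704ceda3133370",
    "sha256": "9ba3f2155cafa26f8caa043491cf85c3a62a4d706f5edcff03a3383a4582c5aa",
}


@dataclass
class Indicators:
    ip_ports: set = field(default_factory=set)    # (host, port): raw TCP C2
    hosts: set = field(default_factory=set)       # C2 hosts on any port/path
    http_paths: set = field(default_factory=set)  # (host, path): HTTP C2
    hashes: set = field(default_factory=set)      # lowercase hex digests


def parse_c2(c2: str):
    """Normalise a C2 string to (host, port, path). RedLine reports host:port,
    Amadey reports host/path with no scheme; urlsplit needs one to parse."""
    parts = urlsplit("http://" + c2)
    return parts.hostname, parts.port, parts.path or "/"


def build_indicators(configs, hashes) -> Indicators:
    ind = Indicators(hashes={h.lower() for h in hashes.values()})
    for cfg in configs:
        host, port, path = parse_c2(cfg["c2"])
        ind.hosts.add(host)  # both C2s in this report are IP literals
        if port is not None:
            ind.ip_ports.add((host, port))
        if path != "/":
            ind.http_paths.add((host, path))
    return ind


# Constructed sample logs (not from the report). Three shapes:
#   conn <src_ip> <src_port> <dst_ip> <dst_port>
#   http <src_ip> <host> <path>
#   hash <endpoint> <sha256>
SAMPLE_LOGS = """\
conn 10.0.0.5 51234 176.113.115.145 4125
conn 10.0.0.5 51235 93.184.216.34 443
http 10.0.0.7 193.233.20.36 /joomla/index.php
http 10.0.0.7 193.233.20.36 /
hash WS-0042 9BA3F2155CAFA26F8CAA043491CF85C3A62A4D706F5EDCFF03A3383A4582C5AA
hash WS-0043 0000000000000000000000000000000000000000000000000000000000000000
"""


def match_line(line: str, ind: Indicators):
    """Return a short reason if the line hits an indicator, else None.
    A bare host match is reported too: the same C2 host is reused across
    botnets here, so a new port or path is still worth an alert."""
    f = line.split()
    if not f:
        return None
    if f[0] == "conn" and len(f) == 5:
        dst, dport = f[3], int(f[4])
        if (dst, dport) in ind.ip_ports:
            return f"tcp c2 {dst}:{dport}"
        if dst in ind.hosts:
            return f"c2 host {dst} on unexpected port {dport}"
    elif f[0] == "http" and len(f) == 4:
        host, path = f[2].lower(), f[3]
        if (host, path) in ind.http_paths:
            return f"http c2 {host}{path}"
        if host in ind.hosts:
            return f"c2 host {host} with other path {path}"
    elif f[0] == "hash" and len(f) == 3:
        if f[2].lower() in ind.hashes:
            return f"known sample hash on {f[1]}"
    return None


def scan(log_text: str, ind: Indicators):
    """Return [(line_number, reason)] for every hit in log_text."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        reason = match_line(line, ind)
        if reason:
            hits.append((n, reason))
    return hits


if __name__ == "__main__":
    for n, reason in scan(SAMPLE_LOGS, build_indicators(EXTRACTED_CONFIGS, SAMPLE_HASHES)):
        print(f"line {n}: {reason}")
```

Hashes are compared case-insensitively because EDR products differ in the case they emit, and the Amadey path is matched exactly against the reported `/joomla/index.php` while any other request to the same host is still flagged, since the operators control the whole server.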
Targets
Target: 9ba3f2155cafa26f8caa043491cf85c3a62a4d706f5edcff03a3383a4582c5aa
Size: 990KB
Hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): identical to those listed under General above.
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.