General
Target: 147a1924d02283f1edae5f6376da1d07dafe43b131644f9e3d4f92c8e7b50ae1
Size: 992KB
Sample: 230401-j422tsgh43
MD5: ed23b6aae844b098da94d47af46a5b78
SHA1: 05c5a08409f0b16d7cfa6283acabfb8d0b905273
SHA256: 147a1924d02283f1edae5f6376da1d07dafe43b131644f9e3d4f92c8e7b50ae1
SHA512: 8760cee3c70161fd9567cfad16ebd2e373f1ccc3d1a6029c10a97040e677e19f18fd56adae0599847bfb9cd1a97868e7aa77e0f1cd1434a2007887555813cdd6
SSDEEP: 24576:Uy5xiiuJR83kbrRnC48MCToj7OQRd/Orm/4G7kn5XGXl:j5xGJVr1C4HAo3OYd/7Ay
Static task: static1
Malware Config
Extracted: redline
  rosn
  176.113.115.145:4125
  auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
  lift
  176.113.115.145:4125
  auth_value: 94f33c242a83de9dcc729e29ec435dfb
Extracted: amadey
  3.69
  193.233.20.36/joomla/index.php
Targets
Target: 147a1924d02283f1edae5f6376da1d07dafe43b131644f9e3d4f92c8e7b50ae1 (992KB; hashes as listed under General)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.