General
- Target: 09be3be6e33faeaa2e45a6e08fddcef39c3d0a4cbc2b58a8a908d4257ac3edb6
- Size: 990KB
- Sample: 230401-j71yyaac4t
- MD5: 928f51a30d355da707d17c4448c16020
- SHA1: 2742fb0b2e6590382b4d3eb38362dd8756f5847c
- SHA256: 09be3be6e33faeaa2e45a6e08fddcef39c3d0a4cbc2b58a8a908d4257ac3edb6
- SHA512: f8dd70c6179adef10168cc6631644a7e0cc1884cd0e70e6a7eb076f5585050dc8638566ef6658bb51aac56e0bc0fa0cf4e90996bbc6f520cba85afcaf9f94e52
- SSDEEP: 24576:CyLzi2yHOBX63uPUfssQojk8T7M8QdomnUr7dkRQ1Nr:pW8q3ffPQe+RfnTq
Static task: static1

Malware Config
- Extracted: redline
  - rosn
  - 176.113.115.145:4125
  - auth_value: 050a19e1db4d0024b0f23b37dcf961f4
- Extracted: redline
  - lift
  - 176.113.115.145:4125
  - auth_value: 94f33c242a83de9dcc729e29ec435dfb
- Extracted: amadey
  - 3.69
  - 193.233.20.36/joomla/index.php
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.