General
- Target: 658b1a1ace1e6a0d4d419625c6ca46aa4793622d2789d480869a9b3c9ef32f60
- Size: 992KB
- Sample: 230401-lgzz3aae6z
- MD5: 089d9aaa492498b376babfb950b9810a
- SHA1: 4739b2ba16a256593d41b4322a3a5262fc6815bf
- SHA256: 658b1a1ace1e6a0d4d419625c6ca46aa4793622d2789d480869a9b3c9ef32f60
- SHA512: 289ebb711449378938eaad5355fa9141dcc1c289edbf6efb6a81565e1ac1f8eb84b0949269dda2beffd9c6b3847de7895cab86d13694494f05d68f1004e17eca
- SSDEEP: 12288:oMrqy90Ch1A/WOj8fHES7ZoZjzK65k06v7lOu/C6cv4ZMt4MxIFKd4IruJON18DJ:Sy1ajIHES7Zo5zajv9H1Mt4nPmzyDsQ
- Static task: static1
Malware Config
- Extracted: redline
  - rosn
  - 176.113.115.145:4125
  - auth_value: 050a19e1db4d0024b0f23b37dcf961f4
- Extracted: redline
  - lift
  - 176.113.115.145:4125
  - auth_value: 94f33c242a83de9dcc729e29ec435dfb
- Extracted: amadey
  - 3.69
  - 193.233.20.36/joomla/index.php
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.