General
Target: 92cb5518e52bdb89021a166b902abf14c14d59961d82af4bb0ab0902771e8e60
Size: 993KB
Sample: 230401-lz1z3saf7t
MD5: 93805be1a7f4e909b1bc5823f4aca32c
SHA1: 47702101ea939d05690644224c6094306660e73c
SHA256: 92cb5518e52bdb89021a166b902abf14c14d59961d82af4bb0ab0902771e8e60
SHA512: d5475d74de3c9701c6ffbd6bf76c62499747d56048683457cdbc8316dd9f06bb4701ff9d2efd9e592533dff0da2ed2459b7e6ea861242ea53a97bef364a254e7
SSDEEP: 24576:IyU1QdIU8ez3oGY57vK/MfdtO2j0PxAmeQfMwBD8O:PheU3YGY57vDfXOZzFnI
Static task: static1
Malware Config
Extracted: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
lift
176.113.115.145:4125
auth_value: 94f33c242a83de9dcc729e29ec435dfb
Extracted: amadey
3.69
193.233.20.36/joomla/index.php
Targets
Target: 92cb5518e52bdb89021a166b902abf14c14d59961d82af4bb0ab0902771e8e60
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.