General
- Target: 3aad38c7e7181e87571fc598dccdba9170c6451290c6a96793d40f35198b52c9
- Size: 992KB
- Sample: 230401-m85v3aba5t
- MD5: b3b477c5db2b9fea964baf4632c261ae
- SHA1: 1ddbef7fd0bb20b742ecdf6678131eea4d2d3b47
- SHA256: 3aad38c7e7181e87571fc598dccdba9170c6451290c6a96793d40f35198b52c9
- SHA512: 2a2e1686a2fc0be494af5601664906b657776bbbf681c994eaaff362bece11a15fb9a8938dddc7bab5c9b076287182dfb587c0179ce2540cd1313253c21fb511
- SSDEEP: 24576:Uymsd5wh7LWJV82K82IVlNmCTZO1vTPArTqFJ:jrTwhmJV829zca4TqGF
Static task: static1

Malware Config
Extracted: redline
- rosn
- 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
- lift
- 176.113.115.145:4125
- auth_value: 94f33c242a83de9dcc729e29ec435dfb
Extracted: amadey
- 3.69
- 193.233.20.36/joomla/index.php
Targets
- Target: 3aad38c7e7181e87571fc598dccdba9170c6451290c6a96793d40f35198b52c9
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.