General
- Target: 9702cef8c63f6b532a4522dcda5b0987de496befbfef2625638c5d23cf2530da
- Size: 990KB
- Sample: 230401-mc6sgshd33
- MD5: c56d0891f0e78da507bfc75a227ed3ab
- SHA1: 9760d752417315d895c6061a905d7a82805d064a
- SHA256: 9702cef8c63f6b532a4522dcda5b0987de496befbfef2625638c5d23cf2530da
- SHA512: eac5b4fe8dfde97ed421344a2179504314f63f9535b7c9269396c085fdc884bb25842fce4d12cc5108de198feb3657e3a977a9c03ce520075babcc0915fda1db
- SSDEEP: 24576:iyYGrhzZoptQaNyNP50+/x7/U7u9fmqwx8z6H:JYGVZYQaNyNBj/F/U7u9Oqnz
Static task: static1
Malware Config
Extracted: redline
- Botnet: rosn
- C2: 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
- Botnet: lift
- C2: 176.113.115.145:4125
- auth_value: 94f33c242a83de9dcc729e29ec435dfb
Extracted: amadey
- Version: 3.69
- C2: 193.233.20.36/joomla/index.php
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.