General

Target: 4774886e64f62013ff5a48effa7256ba95fb1800d887617a2686a79f7a46b745
Size: 991KB
Sample: 230401-mr6e9she23
MD5: b37d677ce86786af1e1db9445eaf2de7
SHA1: fc93e26640c33b4a703ce045e1f52e8d4c2a6101
SHA256: 4774886e64f62013ff5a48effa7256ba95fb1800d887617a2686a79f7a46b745
SHA512: 0c6cb39deeea6f898cb12410e9c6d848322e65df836ab09d926f65f4cd3a35bf20b1d5a9f296b6445b7f7c752699c180d6c8ca8d5f35dac8436b70d3501d289d
SSDEEP: 24576:3ypxUGoSA33fRlx+41rhQ8Le5FYc5TQISFmHZan4C4yj:C3UHj33fnx+41NBeXYeQNE5a4C4y
Static task: static1

Malware Config

Extracted: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted: redline
lift
176.113.115.145:4125
auth_value: 94f33c242a83de9dcc729e29ec435dfb

Extracted: amadey
3.69
193.233.20.36/joomla/index.php

Targets

Target: 4774886e64f62013ff5a48effa7256ba95fb1800d887617a2686a79f7a46b745 (size and hashes as listed under General above)

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.