General
- Target: 58c48fab9cc5a7edddc20041b72f6177ab7ec71aa722160a93a1d5acab293b5c
- Size: 992KB
- Sample: 230401-nbn2qaba6z
- MD5: ad17428a8d48ffc3f3b4e7d69fec8d2a
- SHA1: 844d63a808b7612e3cda3e841510858d041df95b
- SHA256: 58c48fab9cc5a7edddc20041b72f6177ab7ec71aa722160a93a1d5acab293b5c
- SHA512: a70a026088105c4a591f6e9764fe3ab4209494d8562df6faf5c4d80e3d8e0921ce2c7e29e68cae9b3a30f07a93f8c45f81e3ddf226cc7227f97014fc297a1374
- SSDEEP: 24576:vy4R0PJLG3VXmLvvGIHyDmqF8P5fi3nJhkzG6Q:6G0PJwVXmLvvGst75fiZe
Static task: static1
Malware Config
Extracted: redline
- Botnet: rosn
- C2: 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
- Botnet: lift
- C2: 176.113.115.145:4125
- auth_value: 94f33c242a83de9dcc729e29ec435dfb
Extracted: amadey
- Version: 3.69
- C2: 193.233.20.36/joomla/index.php
Targets
- Target: 58c48fab9cc5a7edddc20041b72f6177ab7ec71aa722160a93a1d5acab293b5c
Signatures
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
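The following is an added example, not part of the sandbox report, showing how an analyst would turn the extracted configs (the RedLine and Amadey C2 endpoints above) and the behaviour signatures into a triage check over a process trace. The C2 values are copied from the Malware Config section; everything else is assumed: the registry and file paths each behaviour rule looks for (the report names the Run and Uninstall keys but not the exact location-settings key or wallet paths), the Procmon-style `process,operation,path` trace format, and the constructed trace lines and process names. The scoring treats a C2 hit as sufficient on its own, while each behaviour rule needs corroboration because on its own it is routine activity (explorer.exe reads locale settings, installers walk Uninstall keys).

```python
"""Triage check built from the report's IOCs and behaviour signatures.

Added example, not from the sandbox report. C2 values come from the
report's extracted configs; registry/file paths and the trace are assumptions.
"""
import csv
import io
import re
from collections import defaultdict

# Network indicators taken from the "Malware Config" section of the report.
NETWORK_IOCS = {
    "176.113.115.145:4125": "RedLine C2 (botnets rosn, lift)",
    "193.233.20.36/joomla/index.php": "Amadey 3.69 C2",
}
NETWORK_OPS = {"TCP Connect", "HTTP"}

# Behaviour rules: (label, operations that count, path pattern).
# The exact registry and file locations are assumptions about what each
# sandbox signature checks; the report only names the Run and Uninstall keys.
RULES = [
    ("adds Run key", {"RegSetValue"},
     re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)),
    ("enumerates Uninstall keys", {"RegOpenKey", "RegQueryValue"},
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I)),
    ("reads location settings", {"RegQueryValue"},
     re.compile(r"\\Control Panel\\International\\Geo\\", re.I)),
    ("touches wallet files", {"CreateFile"},
     re.compile(r"\\(Exodus|Electrum|Ethereum\\keystore|Bitcoin)\\", re.I)),
]

# Constructed Procmon-style trace (process,operation,path); not from the report.
TRACE = """\
process,operation,path
update.exe,RegQueryValue,HKCU\\Control Panel\\International\\Geo\\Nation
update.exe,RegOpenKey,HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip
update.exe,RegQueryValue,HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip\\DisplayName
update.exe,RegSetValue,HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\update
update.exe,CreateFile,C:\\Users\\bob\\AppData\\Roaming\\Exodus\\exodus.wallet\\seed.seco
update.exe,TCP Connect,176.113.115.145:4125
dropped.exe,HTTP,193.233.20.36/joomla/index.php
explorer.exe,RegQueryValue,HKCU\\Control Panel\\International\\LocaleName
msiexec.exe,RegOpenKey,HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Git_is1
chrome.exe,TCP Connect,142.250.74.46:443
"""


def parse_trace(text):
    """Parse a process,operation,path CSV into a list of row dicts."""
    return list(csv.DictReader(io.StringIO(text)))


def classify(row):
    """Return the set of labels one trace row triggers (possibly empty)."""
    labels = set()
    if row["operation"] in NETWORK_OPS:
        # Exact match on host:port or URL path so 176.113.115.145:41250 does not hit.
        label = NETWORK_IOCS.get(row["path"].split("?", 1)[0])
        if label:
            labels.add(label)
    for label, ops, pattern in RULES:
        if row["operation"] in ops and pattern.search(row["path"]):
            labels.add(label)
    return labels


def behaviours_by_process(rows):
    """Aggregate triggered labels per process name."""
    hits = defaultdict(set)
    for row in rows:
        hits[row["process"]] |= classify(row)
    return hits


def suspicious_processes(rows, min_behaviours=3):
    """Flag a process on any C2 hit, or on enough corroborating behaviours."""
    flagged = {}
    for proc, labels in behaviours_by_process(rows).items():
        c2_hits = [l for l in labels if l in NETWORK_IOCS.values()]
        if c2_hits or len(labels) >= min_behaviours:
            flagged[proc] = sorted(labels)
    return flagged


if __name__ == "__main__":
    for proc, labels in suspicious_processes(parse_trace(TRACE)).items():
        print(f"{proc}: {', '.join(labels)}")
```

On the constructed trace, update.exe is flagged on all five labels and dropped.exe on the Amadey C2 contact alone, while explorer.exe and msiexec.exe each trigger a single benign-looking rule and stay below the threshold.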