General
Target: 32158e56f6838fee7805a74d40dbbf43.bin
Size: 957KB
Sample: 230402-bvpq5sdh66
MD5: 80233f86584d5727d1e24d33f61f04f9
SHA1: 8627b525e64c8f395dba6888da4af786a9b333f3
SHA256: bfe41ec4d5099eab2eed7206dc89f9d30fcda4f0f8986cbb3d6dca63ebd0af67
SHA512: d014c90c0d72fd0f8444e946250e1820dd9fff7a51a3d6b59c17314e8627b08bdb4be12aa143fb759e8fc1e20dec89c529ad35b0aae5373c29ee78965fa0eff7
SSDEEP: 24576:/3q44hX1hOTt6R6XayY8cyHoVqHtAWcB82CgGScWlU8xk3fh:H4heThl3NAWcqm1xOfh

Static task: static1
Behavioral task: behavioral1
Sample: 09af45db9ffb4b1b41de2d2f24c06c4d4a50cf7654ca22707d0a55aca7781c4c.exe
Resource: win7-20230220-en

Malware Config
Extracted: redline
- rosn
- 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
- lift
- 176.113.115.145:4125
- auth_value: 94f33c242a83de9dcc729e29ec435dfb
Extracted: amadey
- 3.69
- 193.233.20.36/joomla/index.php

Targets
Target: 09af45db9ffb4b1b41de2d2f24c06c4d4a50cf7654ca22707d0a55aca7781c4c.exe
Size: 1001KB
MD5: 32158e56f6838fee7805a74d40dbbf43
SHA1: dceabe3776850e34f4eb722b1955a81d4c62076c
SHA256: 09af45db9ffb4b1b41de2d2f24c06c4d4a50cf7654ca22707d0a55aca7781c4c
SHA512: 9d4587a4c201479fb974296021d1d39046d56a3903ee4590d0e57053043e676df8887849a8ce8dbd9e0fc239b2e9f3a6226fe23a377f7c64a391aa00b5addc52
SSDEEP: 24576:yyNgVn3yTtDT1fGkH+aMCN/IeqfwdMGI:ZeV3yTtNfGkeq/Ieqfi

Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.