General
Target: 8a4d819edcb5de1eb248e6f9ad3574bedd122ac4a819b8fabada3293ae300b41
Size: 978KB
Sample: 230403-gn53faee5x
MD5: be483d18ed406320f0c8d2b7b462034e
SHA1: d8640dfeb2029f3c3d7f622d33cd334818cf64d6
SHA256: 8a4d819edcb5de1eb248e6f9ad3574bedd122ac4a819b8fabada3293ae300b41
SHA512: cdcc83072a656b237b41ecfdf290363822e30538958ce5f90508a2ae6f7bd874d6c97ff9851c17d9bd599167d27187ac3f7ab93ad1aa17a6266d7087e9bfe333
SSDEEP: 24576:UyAN7zfbmQBZWA1tA/AFVHQmVUd83M9fTVxaugt4R1NBtIM:jKHBZWotA7eGDLxFztI
Static task: static1
Malware Config
Extracted: redline
  rosn
  176.113.115.145:4125
  auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
  link
  176.113.115.145:4125
  auth_value: 77e4c7bc6fea5ae755b29e8aea8f7012
Extracted: amadey
  3.69
  193.233.20.36/joomla/index.php
Extracted: aurora
  212.87.204.93:8081
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.