General
- Target: fb1982f9534db94fcadf23805c04354ac916fd29fafd690a4dd767c989b361e6
- Size: 1.1MB
- Sample: 230409-q6lk7abc66
- MD5: 15caa8a36f321b2970d2a5164b048ed2
- SHA1: c203b0221d7d8e2b39097d882c1e6dce219dd7b4
- SHA256: fb1982f9534db94fcadf23805c04354ac916fd29fafd690a4dd767c989b361e6
- SHA512: 3ecb224cf9db96474d014a3eebc9b6f557c21c7dc9d0c64f5c64111bae4a317b3bf281322ff58bdcfad1f02c7b4009d7c94837a27f81bb5fe40ad1e6e507a19c
- SSDEEP: 24576:qy0lZbZeWYjdOMWwuxx9J6qkhQaaOI2xlgLgjYvJ5S7:x0lPeTdbWPV0Q/sQL75S
Static task: static1
Malware Config
- Extracted: redline, norm, 77.91.124.145:4125
  - auth_value: 1514e6c0ec3d10a36f68f61b206f5759
- Extracted: redline, lenox, 77.91.124.145:4125
  - auth_value: a5c9c17a250a084c5fd706c1df7c2d4e
- Extracted: amadey, 3.70, 212.113.119.255/joomla/index.php
Targets
- Target: fb1982f9534db94fcadf23805c04354ac916fd29fafd690a4dd767c989b361e6
- Size: 1.1MB
- MD5: 15caa8a36f321b2970d2a5164b048ed2
- SHA1: c203b0221d7d8e2b39097d882c1e6dce219dd7b4
- SHA256: fb1982f9534db94fcadf23805c04354ac916fd29fafd690a4dd767c989b361e6
- SHA512: 3ecb224cf9db96474d014a3eebc9b6f557c21c7dc9d0c64f5c64111bae4a317b3bf281322ff58bdcfad1f02c7b4009d7c94837a27f81bb5fe40ad1e6e507a19c
- SSDEEP: 24576:qy0lZbZeWYjdOMWwuxx9J6qkhQaaOI2xlgLgjYvJ5S7:x0lPeTdbWPV0Q/sQL75S
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.