General
Target: a7016fb95c8143c5b09123e1c8d106c3b70040e23fe117dcd8a62233b8767f9d
Size: 1.1MB
Sample: 230409-q769aabc73
MD5: 81a08fe0d4a0c65a6f1141ba7a028c9a
SHA1: 4de6ab5fc03a9c46de4d0a683cf08b6ba048085d
SHA256: a7016fb95c8143c5b09123e1c8d106c3b70040e23fe117dcd8a62233b8767f9d
SHA512: 66c6b95b28a947fee6b525dd6d2cf403b7fa32efe8aa3bef93c0578b9918be3a2ec448ef9fdf7299b34f8c1c25866133b51eb3fff7a1f1e47fb89f8988186327
SSDEEP: 24576:QyQXD+FheErzMzNH6zxF4Umvz2+a9a1EWx9qjiTL:XYDwhEp0FVwasJGU
Static task: static1
Malware Config
Extracted
Family: redline
Botnet: norm
C2: 77.91.124.145:4125
auth_value: 1514e6c0ec3d10a36f68f61b206f5759
Extracted
Family: redline
Botnet: lenox
C2: 77.91.124.145:4125
auth_value: a5c9c17a250a084c5fd706c1df7c2d4e
Extracted
Family: amadey
Version: 3.70
C2: 212.113.119.255/joomla/index.php
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.