General
Target: 4ff14e76036a6278c5a1cce2cadc31584f130c129e81caff405d8b10041050d5
Size: 1.1MB
Sample: 230409-r6mc6adc51
MD5: a5db6cc1cbbd3d44a88947d34e1f8c8f
SHA1: 2252b7a9fd5d50582c69a9e4b102476b35a4e5af
SHA256: 4ff14e76036a6278c5a1cce2cadc31584f130c129e81caff405d8b10041050d5
SHA512: 898a374c52c5be522c091af4ae9c04f1d1930cdda87263103341c74c8b4fa631d4940551b12e5fe6a1f0f73e641a039f4054ebac5850e5ec43c4a5361e646f86
SSDEEP: 24576:/yHxWxk2O7u8kKmMarW74totf7m/dal9CQaZaCMBxxD5CpO8tt7:K72O7H7Xarh6RK/keQaITrAt
Static task: static1

Malware Config
Extracted: redline
norm
77.91.124.145:4125
auth_value: 1514e6c0ec3d10a36f68f61b206f5759
Extracted: redline
lenox
77.91.124.145:4125
auth_value: a5c9c17a250a084c5fd706c1df7c2d4e
Extracted: amadey
3.70
212.113.119.255/joomla/index.php
Targets
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Downloads MZ/PE file
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software installed on the system.
- Legitimate hosting services abused for malware hosting/C2