General
Target: 6ce5d5cbe6f37dc158eaa6b77d45527b2dc4d73b529a0880d2736c4fb0e176ec
Size: 1.1MB
Sample: 230409-rfwtxadb6w
MD5: db0a9f55828150427e1b1e3a0994b775
SHA1: 321aa87dd42e65a74106b6ace50343fbda1de15f
SHA256: 6ce5d5cbe6f37dc158eaa6b77d45527b2dc4d73b529a0880d2736c4fb0e176ec
SHA512: 0fb63830d3b0bf26b04a99d02fba30eac9eb980c43724b5587001a1dbe7bc08eabeec45455d1a42cc7d6ac745504d6de23d4c91dc8530737c506163afbff96ff
SSDEEP: 24576:dyFAPRL9YbyMo6FkhPKJ4ppxQeETFJxa1m9xCHC5tCEhHfd:4FgL9MoUIPLppxQeETFJgWJf
Static task: static1
Malware Config
Extracted: redline
  norm
  77.91.124.145:4125
  auth_value: 1514e6c0ec3d10a36f68f61b206f5759
Extracted: redline
  lenox
  77.91.124.145:4125
  auth_value: a5c9c17a250a084c5fd706c1df7c2d4e
Extracted: amadey
  3.70
  212.113.119.255/joomla/index.php
Targets
Target: 6ce5d5cbe6f37dc158eaa6b77d45527b2dc4d73b529a0880d2736c4fb0e176ec (same file and hashes as listed under General above)
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.