General
- Target: bcd52944dd83b34e3ac5867aac2f796a42a5fa09b9907c6345033c9c99336008
- Size: 1.1MB
- Sample: 230409-sjfgrsbe62
- MD5: b25f2e1a7f6d8b0fc266a5dc0823fafa
- SHA1: 5fa3ee6f298d76e888493b3d4f860e6fa00c1297
- SHA256: bcd52944dd83b34e3ac5867aac2f796a42a5fa09b9907c6345033c9c99336008
- SHA512: 0db79973b06af32a513458ef2fcde0bb05be3c54fc7a01b08603b301029e83d4f43d7bb90c30f62a9edb989b496cbb92ebcf1bde17bb3bcebdfb8cdfd1f88932
- SSDEEP: 24576:jyrSVL2jhadGZYsUBd4oc3AOjpiSkkaLHqxTcur4zjkuq:2yL+YsUgoZSWmiuMzY
Static task
static1
Malware Config
- Extracted: redline
  norm
  77.91.124.145:4125
  auth_value: 1514e6c0ec3d10a36f68f61b206f5759
- Extracted: redline
  lenox
  77.91.124.145:4125
  auth_value: a5c9c17a250a084c5fd706c1df7c2d4e
- Extracted: amadey
  3.70
  212.113.119.255/joomla/index.php
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.