General
Target: 4f86f98aba79bb30e8761ff0c89e0153b662e13ce43600233bab8165b5cacb52
Size: 923KB
Sample: 230409-yqsnkaef4x
MD5: 5b27977c971d55061bd4b510a05894d4
SHA1: 983158d4dac796a9a0768d6cc2d0c558a85998de
SHA256: 4f86f98aba79bb30e8761ff0c89e0153b662e13ce43600233bab8165b5cacb52
SHA512: ee4258a21ce708a7bef98ffb0e91575a12e386fc24739c73172f0d7eddd41d0bdd8752770d482bd979bde2376fc889a5abcf8eb6047bbbe744694cad5c6f3040
SSDEEP: 24576:gy4F2Nm1MDBgG7UCvkoKm6C6munelGyYJZ6hzNY9:n4F29Bgivkbm2mEeqLcz

Static task: static1
Malware Config

Extracted: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted: redline
spora
176.113.115.145:4125
auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets

Target: 4f86f98aba79bb30e8761ff0c89e0153b662e13ce43600233bab8165b5cacb52
Size: 923KB
MD5: 5b27977c971d55061bd4b510a05894d4
SHA1: 983158d4dac796a9a0768d6cc2d0c558a85998de
SHA256: 4f86f98aba79bb30e8761ff0c89e0153b662e13ce43600233bab8165b5cacb52
SHA512: ee4258a21ce708a7bef98ffb0e91575a12e386fc24739c73172f0d7eddd41d0bdd8752770d482bd979bde2376fc889a5abcf8eb6047bbbe744694cad5c6f3040
SSDEEP: 24576:gy4F2Nm1MDBgG7UCvkoKm6C6munelGyYJZ6hzNY9:n4F29Bgivkbm2mEeqLcz
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.