General
- Target: a566943c73eb97e68552c542b3b1d52aaa47b56cdb55d6fbbf263d670251eec0
- Size: 926KB
- Sample: 230409-yrm5gacg84
- MD5: 6ced761c7cd6eed7fdaa92c88e98bebf
- SHA1: cbcd46dd0d70a42e8b089c5803e37ff269fd42c7
- SHA256: a566943c73eb97e68552c542b3b1d52aaa47b56cdb55d6fbbf263d670251eec0
- SHA512: a553d33b2988fd8f36b2f966f0086014427aa33d9be4a1b7d6c2a3d15ebdb6121e884ed2c4f67cda0302445f6f2f0b7a47d5a24d85d9096bc6d18d277b5d0a70
- SSDEEP: 24576:vy2DIOG0BrsyvtDSAhK8RQlQyNRHe/p0II1j28Z:6ZKsyvRSAhKmQhRHexK1j
Static task: static1
Malware Config
Extracted: redline
- rosn
- 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
- spora
- 176.113.115.145:4125
- auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets
- Target: a566943c73eb97e68552c542b3b1d52aaa47b56cdb55d6fbbf263d670251eec0 (926KB; hashes as listed under General)
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software installed on the system.