General

Target: 002caab1870821957f33609e35583002dfb907123e6a7b59cf21c0862c3e83ef
Size: 785KB
Sample: 230409-yslm2acg95
MD5: b09dac4a6f6a2736170317dec5802be3
SHA1: 03eb91b0bf0079770a7f5d94bc2b07aee77e8eb1
SHA256: 002caab1870821957f33609e35583002dfb907123e6a7b59cf21c0862c3e83ef
SHA512: 80e636c11db53530ee55d26d7e9de94d2c0a7ed8e09d1bd71d5e8d3f3bceced6888f6d4380b8aa9969f3c443b436990f93b580469b0faa543b16745a79f201f1
SSDEEP: 12288:pMrfy90zELwg+/tEj2tw5hOOjjp+Prvc7IV+npXRNkMYxC4+fgFB+H+BA0G8:iynEJy5hOqEPrvckwnpXRGMYcg7++xv
Static task: static1

Malware Config

Extracted: redline
  rosn
  176.113.115.145:4125
  auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted: redline
  spora
  176.113.115.145:4125
  auth_value: 441b39ab37774b2ca9931c31e1bc6071
Targets

Target: 002caab1870821957f33609e35583002dfb907123e6a7b59cf21c0862c3e83ef (785KB; same file and hashes as listed under General above)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.