General
- Target: 462b8268b2913c3a47ccffabd406c0ca5a107beeb0fed2633e23e8e22bb97fdf
- Size: 1.0MB
- Sample: 230410-x5w4vshc7x
- MD5: 8c51d6362ab0bc32bd404697e6a1a9fb
- SHA1: 8802eaf0a971fc192bd8a4b9a1f8659798a90bf4
- SHA256: 462b8268b2913c3a47ccffabd406c0ca5a107beeb0fed2633e23e8e22bb97fdf
- SHA512: 2b067bfcdda8a2f02810709e3939f97a3cc66411ad442eec1f21e3773bec46bbd4291e4d0aa85fc004796c27f040686e3a16759b9962df7ec78ad360718c0ba4
- SSDEEP: 24576:Gyt4zlTGM5ptwUOjt+oTTSvuFowUfnDGoyxfx9BjOMBJa:VUTDFoTOvuFowcPyxJPjOM
Static task: static1
Malware Config
Extracted: amadey
- 3.70
- 77.91.124.207/plays/chapter/index.php
Extracted: redline
- rosn
- 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
- brat
- 176.113.115.145:4125
- auth_value: 1f9c658aed2f70f42f99a57a005561cf
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.