General
- Target: 8d021b797664dbe8e30d8ea41bd3b5fa890e89fe9be8a3da28bb294eb28ee464
- Size: 1.2MB
- Sample: 230410-xfw3kafe52
- MD5: 983f106b4c024bec368f5d71052f2195
- SHA1: 4083b9cd18d4c0121d9f07cfbef369729eb95710
- SHA256: 8d021b797664dbe8e30d8ea41bd3b5fa890e89fe9be8a3da28bb294eb28ee464
- SHA512: 37d885204241a064d74208757ef739c0a2a5086ea280186bad3897d4971c294a60f0eefe9dae45fed6bba9e65306b2887e7fdc782d4e2466e3670d09a20ad111
- SSDEEP: 24576:1yCBtYZIekKsB/CrqqUlE2MBW5E4o7dhmklkLqd1D:QCBcAB/oolE2N5ahmklk
Static task
- static1

Malware Config
- Extracted: amadey
  - 3.70
  - 77.91.124.207/plays/chapter/index.php
- Extracted: redline
  - rosn
  - 176.113.115.145:4125
  - auth_value: 050a19e1db4d0024b0f23b37dcf961f4
- Extracted: redline
  - brat
  - 176.113.115.145:4125
  - auth_value: 1f9c658aed2f70f42f99a57a005561cf
Targets
- Target: 8d021b797664dbe8e30d8ea41bd3b5fa890e89fe9be8a3da28bb294eb28ee464
  - Size: 1.2MB
  - MD5: 983f106b4c024bec368f5d71052f2195
  - SHA1: 4083b9cd18d4c0121d9f07cfbef369729eb95710
  - SHA256: 8d021b797664dbe8e30d8ea41bd3b5fa890e89fe9be8a3da28bb294eb28ee464
  - SHA512: 37d885204241a064d74208757ef739c0a2a5086ea280186bad3897d4971c294a60f0eefe9dae45fed6bba9e65306b2887e7fdc782d4e2466e3670d09a20ad111
  - SSDEEP: 24576:1yCBtYZIekKsB/CrqqUlE2MBW5E4o7dhmklkLqd1D:QCBcAB/oolE2N5ahmklk
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.