General
Target: 89b6de01b026e2af248274284acc31191f8d33eb8c44735e506777f690584e12
Size: 1.2MB
Sample: 230410-xtfyhahc2x
MD5: 213a04badb86259e76d2452fc2bff59d
SHA1: 9223d591e80eee174709435770197d99898f53a9
SHA256: 89b6de01b026e2af248274284acc31191f8d33eb8c44735e506777f690584e12
SHA512: a5c85b20f5b1b2bb18b991a6927304e31d298dfdbf744b2fdea427468ecab406ad30a8213663b94c4c0ad62097990e6d6cc9fdfa397222ab7fe1839e47807758
SSDEEP: 24576:myhnqcgZCQl2lMa+4F5ZuooPElDR04Q4AH9lqa1I/qrY7s:1hnq48EMf4XoANXQNwasWK
Static task: static1
Malware Config

Extracted: amadey
3.70
77.91.124.207/plays/chapter/index.php

Extracted: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted: redline
brat
176.113.115.145:4125
auth_value: 1f9c658aed2f70f42f99a57a005561cf
Targets
Target: 89b6de01b026e2af248274284acc31191f8d33eb8c44735e506777f690584e12
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.