General
Target: be556aacf2e003aa5ff3d74245a5ae099dede76e1f2c1ae683cde83fbaa2af54
Size: 939KB
Sample: 230410-y44mzshf2y
MD5: 900767768d65d7c7133b626d2774f399
SHA1: 6de288313c06df65d9c536ca528ab677afeb6c70
SHA256: be556aacf2e003aa5ff3d74245a5ae099dede76e1f2c1ae683cde83fbaa2af54
SHA512: 095de5bae3beb9d036c011c76e0deace01d088e7549ad24166965778dbb061933df0f57d38e9163f96e49a89d3db2fcc6d36b6b2deff75aaf62cb58e74d6c3e4
SSDEEP: 24576:5y4uJc9RF80e1dE1pEA9DQKsiiJlHIZl3bNKOkS8z:s4uJcHd1fbsii/4NKOk
Static task: static1
Malware Config
Extracted: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
zima
176.113.115.145:4125
auth_value: 2ef701d510c0d27e8a8e3270281678b1
Targets
Target: be556aacf2e003aa5ff3d74245a5ae099dede76e1f2c1ae683cde83fbaa2af54
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely used as a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.