General

- Target: 89e07d51e7d84fcd2290c40eb19aa64f7ab2f74623bfee3e2f5de4550357a980
- Size: 939KB
- Sample: 230410-yjh6jsfh27
- MD5: bbc37c9b5bfbc69ac32d5399682e4152
- SHA1: b17bf01afd5ac566d75f3b481cd8a2457549cf78
- SHA256: 89e07d51e7d84fcd2290c40eb19aa64f7ab2f74623bfee3e2f5de4550357a980
- SHA512: 769a4685a6fe043e84bf7edcc119ec3fece802e8c8f86571000c7f6ad0369650c72ebbd3c38de137d394658b74bf14cd57c06e87d0a42a3c48b8b2d6dfa73ea0
- SSDEEP: 24576:VyUSa8P7aNPX3s3DapD7IWlRF6OsZFOC616ad:wUSaiwPX83DaNhtCla
Static task: static1

Malware Config

Extracted
- Family: redline
- Botnet: rosn
- C2: 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted
- Family: redline
- Botnet: zima
- C2: 176.113.115.145:4125
- auth_value: 2ef701d510c0d27e8a8e3270281678b1
Targets

- Target: 89e07d51e7d84fcd2290c40eb19aa64f7ab2f74623bfee3e2f5de4550357a980
Signatures

- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.