General
- Target: 6de3d37bfbf0f7b89021823abb408b8177620579fb754650ba3d0c0b5d5e11d9
- Size: 801KB
- Sample: 230410-ymzbyafh52
- MD5: eefccbae49fb377c85fca0bea374877e
- SHA1: 644ad8a0bad82ab7e8b4ad693537774d85bc0cdd
- SHA256: 6de3d37bfbf0f7b89021823abb408b8177620579fb754650ba3d0c0b5d5e11d9
- SHA512: ec016b6e53258c8c543f54b13776293b4746bf39542155359bfb6d7b99fd655be47797c0cccdf3d2ef42c4c4542e91843f894134c3b8b6616125b35da6fe3b76
- SSDEEP: 12288:EMrgy90Vtv5akuR40b6I2UdG3S7xK7CJ2gWiISEbKmtzf+1/5z5s69bUmoq+:syIakFkdG3CxffW5MHNsld
Static task
- static1
Malware Config
Extracted
- redline
- rosn
- 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
- redline
- zima
- 176.113.115.145:4125
- auth_value: 2ef701d510c0d27e8a8e3270281678b1
Targets
- Target: 6de3d37bfbf0f7b89021823abb408b8177620579fb754650ba3d0c0b5d5e11d9
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.