General
Target: 80f9b96f8e31ded47c0da929c8afe76a7e651d811a87b4ff036033b66d1ed794
Size: 800KB
Sample: 230410-yplhvshe2t
MD5: c1cd46f9af0a04d390e4df3981eb80f5
SHA1: 2478e651908a021f1fa257677703a5af798cb88e
SHA256: 80f9b96f8e31ded47c0da929c8afe76a7e651d811a87b4ff036033b66d1ed794
SHA512: 96b314c2ec4ab9db48c703c249815013aca6984485a86c90bf32ab03da80318b77af07a76f08421cc0cd9a62771831d78ae5502ed952e117d9ea727c3eac963b
SSDEEP: 12288:kMrEy90iNLrldxm3ur1AAfvhQB1DGxNU7EpJxK7CDgH2Ex1QF+4Wj29vdeDS:gy5w3OrGBFGxaYvxfEHL1IujQVe2

Static task: static1

Malware Config
Extracted: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted: redline
zima
176.113.115.145:4125
auth_value: 2ef701d510c0d27e8a8e3270281678b1
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.