General
Target: 5855948a3887a2fa355316874aa4b63881ddd8847c9825f14975ba7a64756b0f
Size: 801KB
Sample: 230410-ys4hvafh82
MD5: af83b9e161c8017ccac8a20137951b31
SHA1: c149b34553ca8e526094d6bfa5fcde1cbf539e91
SHA256: 5855948a3887a2fa355316874aa4b63881ddd8847c9825f14975ba7a64756b0f
SHA512: 7163ce78472bc7acfb1cd6ed74e3ce7b5df623e55f3e7273bba29fe589e7fa495d34525332115c5d94eb1dd38826017593c45b4473dfa0379619ee0756c08831
SSDEEP: 24576:ByRX09SWMfntuSBAk4G7JXxfcK0gADVW1s3h:090iAR1MxaXZW1C
Static task: static1
Malware Config
Extracted: redline
ID: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
ID: zima
C2: 176.113.115.145:4125
auth_value: 2ef701d510c0d27e8a8e3270281678b1
Both extracted configs point at the same C2 endpoint (176.113.115.145:4125) and differ only in the ID and auth_value, so one network indicator covers the sample while the auth_value tells the two configs apart.
Targets
Target: 5855948a3887a2fa355316874aa4b63881ddd8847c9825f14975ba7a64756b0f (the submitted file; size and hashes as listed under General)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence used to avoid running on hosts in certain regions.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets (possible credential harvesting)
- Adds Run key to start application (persistence via a CurrentVersion\Run value)
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the host.
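The extracted configuration (both configs share the C2 176.113.115.145:4125) and the Run-key persistence behaviour listed above can be turned straight into a small hunt. The script below is an added example and is not part of the sandbox report or of the RedLine code; the config values and hashes are copied from this report, while the connection-log format, the internal IPs, the other destination IP and the flattened key=value Sysmon layout are constructed assumptions for illustration.

```python
"""Hunt for the indicators in this report over constructed log lines.

Added example, not from the sandbox report. Config values and hashes are the
report's; log formats and all other addresses/paths are constructed here.
"""
import re

# Extracted RedLine configs as listed in the report's "Malware Config" section.
EXTRACTED_CONFIGS = [
    {"family": "redline", "id": "rosn", "c2": "176.113.115.145:4125",
     "auth_value": "050a19e1db4d0024b0f23b37dcf961f4"},
    {"family": "redline", "id": "zima", "c2": "176.113.115.145:4125",
     "auth_value": "2ef701d510c0d27e8a8e3270281678b1"},
]

# Hashes of the analysed sample, for matching against file inventories.
SAMPLE_HASHES = {
    "md5": "af83b9e161c8017ccac8a20137951b31",
    "sha1": "c149b34553ca8e526094d6bfa5fcde1cbf539e91",
    "sha256": "5855948a3887a2fa355316874aa4b63881ddd8847c9825f14975ba7a64756b0f",
}


def parse_c2(c2):
    """Split 'host:port' into (host, port); rsplit keeps colon-containing hosts intact."""
    host, port = c2.rsplit(":", 1)
    return host, int(port)


def network_iocs(configs):
    """Unique (host, port) C2 endpoints across all extracted configs."""
    return {parse_c2(c["c2"]) for c in configs}


# Constructed connection log (hypothetical format): "<ts> <src> -> <dst>:<port> <proto>".
SAMPLE_NET_LOG = """\
2023-04-10T12:00:01Z 10.0.0.15 -> 176.113.115.145:4125 tcp
2023-04-10T12:00:02Z 10.0.0.15 -> 142.250.74.46:443 tcp
2023-04-10T12:00:05Z 10.0.0.22 -> 176.113.115.145:443 tcp
2023-04-10T12:01:10Z 10.0.0.31 -> 176.113.115.145:4125 tcp
"""
NET_LINE = re.compile(r"^(\S+) (\S+) -> (\S+):(\d+) (\w+)$")


def find_c2_connections(log_text, iocs, ip_only=False):
    """Return (ts, src, dst, port) for lines that hit a C2 endpoint.

    Exact host:port matching is the high-confidence signal. ip_only=True also
    flags other ports on the same host: useful for hunting, noisier for alerting.
    """
    hosts = {h for h, _ in iocs}
    hits = []
    for line in log_text.splitlines():
        m = NET_LINE.match(line)
        if not m:
            continue  # skip lines that do not follow the expected format
        ts, src, dst, port, _proto = m.groups()
        port = int(port)
        if (dst, port) in iocs or (ip_only and dst in hosts):
            hits.append((ts, src, dst, port))
    return hits


# Constructed Sysmon-style registry events (EventID 13 = registry value set),
# flattened to key=value pairs. Real Sysmon output is XML/EVTX; this shape is assumed.
SAMPLE_REG_LOG = r"""
EventID=13 Image=C:\Users\u\AppData\Local\Temp\svc.exe TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater Details=C:\Users\u\AppData\Roaming\svc.exe
EventID=13 Image=C:\Windows\explorer.exe TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden Details=1
EventID=12 Image=C:\Windows\System32\msiexec.exe TargetObject=HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Example Details=
"""
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
KV = re.compile(r"(\w+)=(\S*)")


def find_run_key_writes(log_text):
    """Return (image, target, details) for value-set events under a Run/RunOnce key.

    This is the report's "Adds Run key to start application" behaviour.
    """
    hits = []
    for line in log_text.splitlines():
        fields = dict(KV.findall(line))
        if fields.get("EventID") != "13":
            continue  # only value-set events describe a new autostart entry
        target = fields.get("TargetObject", "")
        if RUN_KEY.search(target):
            hits.append((fields.get("Image"), target, fields.get("Details")))
    return hits


if __name__ == "__main__":
    iocs = network_iocs(EXTRACTED_CONFIGS)
    for hit in find_c2_connections(SAMPLE_NET_LOG, iocs):
        print("C2 connection:", hit)
    for hit in find_run_key_writes(SAMPLE_REG_LOG):
        print("Run key persistence:", hit)
```

The exact host:port match is what you would alert on; the ip_only mode is for retrospective hunting, since the same host may serve other ports or other campaigns. The auth_value is carried along only so that a hit can be tied back to one of the two extracted configs.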