General
- Target: 8546f8811d76f717a4febc199a8678e8955d9554ad2396bbf7b33393af464c2a
- Size: 939KB
- Sample: 230410-yvgf4afh94
- MD5: 5f8bfc55b0a783fb9b8c497a427cf116
- SHA1: 012061fc3b90fdb1d352e3092b755faf33a1500e
- SHA256: 8546f8811d76f717a4febc199a8678e8955d9554ad2396bbf7b33393af464c2a
- SHA512: e2e8e077df05875cd944cd59aae1e029417fc04b5baf595ca88ebb9b0a223fee28fe01677ca4b1014f4f864fa9c58fde7a74def774b15ae6b01dfaafb44e94fa
- SSDEEP: 24576:bynzxWi5scfbj/BiYETL4CDEGkeIE3po3jS8xJeD:Onzs2z3CDEW9pMNxJe
Static task: static1
Malware Config
Extracted: redline
- rosn
- 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
- zima
- 176.113.115.145:4125
- auth_value: 2ef701d510c0d27e8a8e3270281678b1
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.