General
Target: fbb902b8f6898210bce6cd973480dd5a9b8c5ab852cbafb7df971ffeb66f2676
Size: 801KB
Sample: 230410-yw1lcsga26
MD5: 9075d7e52e5c4cfb0c6f18339a4747c0
SHA1: 6d62e9ed23dab1870e3efe542fd1041701ea7212
SHA256: fbb902b8f6898210bce6cd973480dd5a9b8c5ab852cbafb7df971ffeb66f2676
SHA512: ec8cced296605055679d882aa4ac19e5c633814fead314680c3e4d400ceca472a0e11e6482b128d2665ad630cb7678488b4fe8fd445977cc52384fd96ef9ebdd
SSDEEP: 12288:cMrOy90cD7sVLLdmK48arYoYLxK7CHG0yeztlyGYqJyBe+tGvvebTkU/9mW+kif0:qyjDemK75xf4Cj7JIUveBQW7RFQK
Static task: static1
Malware Config
Extracted
- Family: redline
- Botnet: rosn
- C2: 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted
- Family: redline
- Botnet: zima
- C2: 176.113.115.145:4125
- auth_value: 2ef701d510c0d27e8a8e3270281678b1
Targets
- Target: fbb902b8f6898210bce6cd973480dd5a9b8c5ab852cbafb7df971ffeb66f2676
- Size: 801KB
- MD5: 9075d7e52e5c4cfb0c6f18339a4747c0
- SHA1: 6d62e9ed23dab1870e3efe542fd1041701ea7212
- SHA256: fbb902b8f6898210bce6cd973480dd5a9b8c5ab852cbafb7df971ffeb66f2676
- SHA512: ec8cced296605055679d882aa4ac19e5c633814fead314680c3e4d400ceca472a0e11e6482b128d2665ad630cb7678488b4fe8fd445977cc52384fd96ef9ebdd
- SSDEEP: 12288:cMrOy90cD7sVLLdmK48arYoYLxK7CHG0yeztlyGYqJyBe+tGvvebTkU/9mW+kif0:qyjDemK75xf4Cj7JIUveBQW7RFQK
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.