General

Target: bd0fc2e9de0b3fb9d6bcd02f06bc71ff5dfa5b4d72b9d1e9e42438eca082e6cb
Size: 939KB
Sample: 230410-z57ayahh3z
MD5: dd7f02744b9227052b99aca20c743821
SHA1: 22ef0b7d903b726b6e808e6790341a2de1de2677
SHA256: bd0fc2e9de0b3fb9d6bcd02f06bc71ff5dfa5b4d72b9d1e9e42438eca082e6cb
SHA512: 60079e0540750839f7c7ca7e13428a9cd2d247363a651096e443e0e67f46e462e556b44a094d16d3b473285024e0736dfa1c9d13ab4752f2b53f1474b6b77d40
SSDEEP: 24576:ayLnD9mzKRGPnony0KU8JChI2K4G7yoAUZgwabPyH9/6j:h7D2HQnrKU8O27yjZRu9/6
Static task: static1

Malware Config

Extracted: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted: redline
zima
176.113.115.145:4125
auth_value: 2ef701d510c0d27e8a8e3270281678b1
Targets

Target: bd0fc2e9de0b3fb9d6bcd02f06bc71ff5dfa5b4d72b9d1e9e42438eca082e6cb
Size: 939KB
MD5: dd7f02744b9227052b99aca20c743821
SHA1: 22ef0b7d903b726b6e808e6790341a2de1de2677
SHA256: bd0fc2e9de0b3fb9d6bcd02f06bc71ff5dfa5b4d72b9d1e9e42438eca082e6cb
SHA512: 60079e0540750839f7c7ca7e13428a9cd2d247363a651096e443e0e67f46e462e556b44a094d16d3b473285024e0736dfa1c9d13ab4752f2b53f1474b6b77d40
SSDEEP: 24576:ayLnD9mzKRGPnony0KU8JChI2K4G7yoAUZgwabPyH9/6j:h7D2HQnrKU8O27yjZRu9/6

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.

Executes dropped EXE

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.