General
Target: 3dad71371867f73f4a6e0d4fdd354c130a28101858676462ff38ccf661b6e68b
Size: 801KB
Sample: 230410-zh4xashf8z
MD5: 66c4a14bec64fd56ff99b13bf3afc182
SHA1: a392724c3da0a787040bf3d33a65abc8b3af0d8e
SHA256: 3dad71371867f73f4a6e0d4fdd354c130a28101858676462ff38ccf661b6e68b
SHA512: 16196b4734e5f64f3f4cab4784a1648bb2d65aac590194f381323d947855399e0959b7c36960db8d34a2c782ef067b5a748f5056fe78cef07efb354df30525c2
SSDEEP: 12288:pMrcy90itF1Lf9iSaEhldpEzCDjxe7bMbxK7C1Qmc14YrVPMwYwN/9PB4DP5Zp9J:Jy3iS2zOxOkxf84YrGXC5B4tZ/z6/o
Static task: static1
Malware Config

Extracted: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted: redline
zima
176.113.115.145:4125
auth_value: 2ef701d510c0d27e8a8e3270281678b1
Targets
Target: 3dad71371867f73f4a6e0d4fdd354c130a28101858676462ff38ccf661b6e68b
Size: 801KB
MD5: 66c4a14bec64fd56ff99b13bf3afc182
SHA1: a392724c3da0a787040bf3d33a65abc8b3af0d8e
SHA256: 3dad71371867f73f4a6e0d4fdd354c130a28101858676462ff38ccf661b6e68b
SHA512: 16196b4734e5f64f3f4cab4784a1648bb2d65aac590194f381323d947855399e0959b7c36960db8d34a2c782ef067b5a748f5056fe78cef07efb354df30525c2
SSDEEP: 12288:pMrcy90itF1Lf9iSaEhldpEzCDjxe7bMbxK7C1Qmc14YrVPMwYwN/9PB4DP5Zp9J:Jy3iS2zOxOkxf84YrGXC5B4tZ/z6/o
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.