General
Target: 852d6c0c8b1cdbeebab1e601f42f3c5e1bc66362b833a5e74eced11b4a9790c4
Size: 939KB
Sample: 230410-zj1w2ahf9y
MD5: 8411c084ac283255dd18b5f37c80a5e3
SHA1: 7026b356d3d344cdfdcc9e563c81f4b1f79fcdd2
SHA256: 852d6c0c8b1cdbeebab1e601f42f3c5e1bc66362b833a5e74eced11b4a9790c4
SHA512: c67a81baed481c476134d379fc185e85efe4ae20ae6b53c6600183ddbf40550e807039d721b471be8cf53735d80b7d3d5dc89760c79ed3e703704e419f3ec31a
SSDEEP: 24576:XybaTDBY+OQ6bhjMdIyhByG/xswe4AWE:ibMD7OQ6bhWpcut1A
Static task: static1

Malware Config
Extracted: redline / rosn / 176.113.115.145:4125 / auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline / zima / 176.113.115.145:4125 / auth_value: 2ef701d510c0d27e8a8e3270281678b1
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.