General
Target: 176203d7e9fab3142be1a6e6f4c14367a6022ea498deb65ea022a9c867867b16
Size: 800KB
Sample: 230410-zq3dfahg41
MD5: baf4dfc2411e087a53fa873d568ee011
SHA1: 5f47ecdf919850ff1198bf6e3621090f8c22bd84
SHA256: 176203d7e9fab3142be1a6e6f4c14367a6022ea498deb65ea022a9c867867b16
SHA512: 94a71ad2558a54021e8ca875ce946099cd63f1eaf1857667cdbc1f9cd3b8837474033b56078969fb2f19cd948030d376a05baded426ed0fb700eef8a878ab017
SSDEEP: 12288:aMrAy90yoRjhvPu0yJXbkVgoTPxK7CCrgEms715LIqjEnxvQ9Qh05w:2yFoRjlpnVgoLxfY1FImYxuW
Static task: static1

Malware Config
Extracted config 1 (family: redline)
  Botnet: rosn
  C2: 176.113.115.145:4125
  auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted config 2 (family: redline)
  Botnet: zima
  C2: 176.113.115.145:4125
  auth_value: 2ef701d510c0d27e8a8e3270281678b1

Targets
Target: 176203d7e9fab3142be1a6e6f4c14367a6022ea498deb65ea022a9c867867b16
Size: 800KB

RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.