General
Target: 65ace2eeaed407a8f6a959adb257e683d3f442559a2f5e8f081c00a7e803969b
Size: 801KB
Sample: 230410-zrswdshg5v
MD5: 98f7bc4d45a90e2f9903b290d965a0f8
SHA1: 27faefcf2b522881aaf62f15f917951685f71d16
SHA256: 65ace2eeaed407a8f6a959adb257e683d3f442559a2f5e8f081c00a7e803969b
SHA512: a1510824d9d96c255647a870a5cf059309ca5562a6e7c26116eb39a41df493c30eb5569b6641d70d0442cc08997e1171b34f302fdc6371992f0a8e3de75a81b4
SSDEEP: 12288:uMrqy90TY7uK35XuW4kdhdDoR2ctrytmDQ5wxK7C8ENg/GKXdq0DH8ATc0RnG:wy1aKJNHdDog45xfxAGydqqjRG
Static task: static1
Malware Config
- Extracted: redline
  rosn
  176.113.115.145:4125
  auth_value: 050a19e1db4d0024b0f23b37dcf961f4
- Extracted: redline
  zima
  176.113.115.145:4125
  auth_value: 2ef701d510c0d27e8a8e3270281678b1
Targets
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software installed on the system.