General
- Target: 3daa6fbc0279272cdaf6871b52c8befa1079129e9e1c2175889d362de22c0c44
- Size: 1.0MB
- Sample: 230410-ztkb2agc46
- MD5: 4affeb4c86086a511fed567f5f8383f9
- SHA1: 28f077b610e9ee91ce5c14b6c460ec8a40f524e4
- SHA256: 3daa6fbc0279272cdaf6871b52c8befa1079129e9e1c2175889d362de22c0c44
- SHA512: 7f3e05373c3867dc527ee4271e4e02c14b3de5e0234adbb31b4e2dbb26b6fc162251af46e34a33d94193e9d958681b34207a412cf045629db1d5926ce53c3704
- SSDEEP: 24576:hyPG6ky6iMwNM39kRDy4l8f6XGRx4FxfCyt1C:U0y6mNYAzXSx4Fxqc
- Static task: static1
Malware Config
- Extracted: amadey
  - 3.70
  - 77.91.124.207/plays/chapter/index.php
- Extracted: redline
  - rosn
  - 176.113.115.145:4125
  - auth_value: 050a19e1db4d0024b0f23b37dcf961f4
- Extracted: redline
  - brat
  - 176.113.115.145:4125
  - auth_value: 1f9c658aed2f70f42f99a57a005561cf
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.