General
Target: 52fafc9667051fccc7cea0a6179377e8d21798f1ddbb6fb3d5c1d4cf090b536b
Size: 939KB
Sample: 230410-zvtl4ahg6z
MD5: 0cdbd83c06147004aab8e15ef98f9c00
SHA1: f4c5b5da394d3f5b39b45b18d5b14e9fd0b800e8
SHA256: 52fafc9667051fccc7cea0a6179377e8d21798f1ddbb6fb3d5c1d4cf090b536b
SHA512: ed0413fd0c845f185286def77a86a0eb56d4c28e23861c4c1b6dd72842c10ed03744dc66e1c3c84177ff5e5634322ce723ee5be5b8ed84a678e2507d37c4a729
SSDEEP: 12288:qMr0y90oUVi7MRsWv7SZSktoK0PbC0UTlrKFw7K8C3DIEb+wP7SSowHSOmqx+aJ8:yyURRL6wS763DIECY7SSxPmqsaJ8
Static task: static1
Malware Config
Extracted (redline): rosn, 176.113.115.145:4125, auth_value 050a19e1db4d0024b0f23b37dcf961f4
Extracted (redline): zima, 176.113.115.145:4125, auth_value 2ef701d510c0d27e8a8e3270281678b1
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.