General
Target: cae3ca59d69a6d21647fb3c46923dc1f4847b079128c89f52f5bc1eb4029b610
Size: 790KB
Sample: 230411-fgy5waae22
MD5: 16a424112c0b9b64e2fbd91030eae40b
SHA1: e4d57e42e2ae6208f29a6b3ca5f38244bbde405f
SHA256: cae3ca59d69a6d21647fb3c46923dc1f4847b079128c89f52f5bc1eb4029b610
SHA512: 11edaefb874c28b68e3a38bdcc71c86904931c03d9a3ffa85cee1239ffd87d321ed7d3ec37493473db1fea3859599fa118b2f72c64e6bcf540bbc415578f17ca
SSDEEP: 12288:OMrIy90F566xeEBv/ehUmKO0NR8Moqj+iZCmlJglVVVqTsC286LgDQ0/fQWV:ayYBreDKONqjTC8DTsCB6Ekwo8
Static task
static1

Malware Config
Extracted: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted: redline
nahui
176.113.115.145:4125
auth_value: b9ed10946d21e28d58d0c72c535cde6f
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.