General
-
Target
bed25e38dce45a3b91b700cb7e3e8079a31ad85aafeef9d2c3473be42b6c0671
-
Size
983KB
-
Sample
230411-l2mv8sdd7v
-
MD5
45ea0b3dcd4c71e7c3986a128003597b
-
SHA1
d050de76cf4c52b71c204843aa6fd7557e159745
-
SHA256
bed25e38dce45a3b91b700cb7e3e8079a31ad85aafeef9d2c3473be42b6c0671
-
SHA512
3852298c603bce345564607f0d4d130a13f1423ab906c5a3b0ae83e3bdfe7166d093e4a503ef2780ebe22a88d412ba531bfffad02ed2e3c4a05d2c3d4c6735e9
-
SSDEEP
24576:QyZlzUx6KXt7AYGN7Cy5lmiyNHdHcMoBFPZ42cGT/toIN:XvzUx60HGxb5lmlmxW2V
Static task
static1
Malware Config
Extracted
-
Family
redline
-
Botnet
rosn
-
C2
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
-
Family
amadey
-
Version
3.70
-
C2
77.91.124.207/plays/chapter/index.php
Extracted
-
Family
redline
-
Botnet
nord
-
C2
176.113.115.145:4125
-
auth_value
ebb7d38cdbd7c83cf6363ef3feb3a530
Targets
-
-
Target
bed25e38dce45a3b91b700cb7e3e8079a31ad85aafeef9d2c3473be42b6c0671
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Enumerates the Uninstall key entries in the registry to list the software installed on the system.
-
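As an added example, not part of the sandbox report and not code from any sandbox or the malware itself, the Python below turns the extracted configs (RedLine and Amadey C2s) and the behaviour signatures listed above into detection logic and runs it over a handful of constructed Sysmon and Windows Security events. It assumes the standard Sysmon event IDs and field names (1 process create, 3 network connection, 7 image load, 11 file create, 13 registry value set) and Security event 4663 for registry and file reads, which is only emitted when an audit SACL is set on the object, since Sysmon does not log value reads. The file paths, SID, wallet-path markers and every sample event are invented for illustration.

```python
"""Added example, not part of the sandbox report: match the report's extracted C2
endpoints and behavioural signatures against Sysmon / Windows Security events.
Sample events, paths and wallet-path markers below are constructed, not telemetry."""
from collections import defaultdict

# IOCs copied from the report's extracted configs.
REDLINE_C2 = {("176.113.115.145", 4125)}   # RedLine botnets "rosn" and "nord"
AMADEY_C2_HOSTS = {"77.91.124.207"}        # Amadey 3.70 panel, /plays/chapter/index.php
C2_HOSTS = {host for host, _ in REDLINE_C2} | AMADEY_C2_HOSTS

# Registry / file locations behind the report's signatures. Paths are compared after
# lower-casing and normalising backslashes to "/". Wallet markers are an assumption.
RUN_KEYS = ("/currentversion/run/", "/currentversion/runonce/")
GEO_KEY = "/control panel/international/geo"       # Nation / GeoID values live here
UNINSTALL_KEY = "/currentversion/uninstall"
WALLET_MARKERS = ("wallet.dat", "/electrum/", "/exodus/", "/ethereum/keystore")


def norm(path):
    return path.lower().replace("\\", "/")


def triage(events):
    """Return {process image: set of matched signature names}.

    File creations (ID 11) are remembered so a later process start (ID 1) or image
    load (ID 7) of that file is reported as 'dropped'. Registry reads are not logged
    by Sysmon, so the geofence and Uninstall checks rely on Security event 4663.
    """
    dropped = set()
    hits = defaultdict(set)
    for ev in events:
        eid = ev.get("EventID")
        img = ev.get("Image") or ev.get("ProcessName") or "?"
        if eid == 11:
            dropped.add(norm(ev["TargetFilename"]))
        elif eid == 1 and norm(ev["Image"]) in dropped:
            hits[ev["ParentImage"]].add("Executes dropped EXE")
        elif eid == 7 and norm(ev["ImageLoaded"]) in dropped:
            hits[img].add("Loads dropped DLL")
        elif eid == 3:
            ip, port = ev["DestinationIp"], int(ev["DestinationPort"])
            if (ip, port) in REDLINE_C2:
                hits[img].add(f"RedLine C2 {ip}:{port}")
            elif ip in C2_HOSTS:
                hits[img].add(f"Known C2 host {ip}")
        elif eid == 13 and any(k in norm(ev["TargetObject"]) for k in RUN_KEYS):
            hits[img].add("Adds Run key to start application")
        elif eid == 4663:
            obj = norm(ev["ObjectName"])
            if GEO_KEY in obj:
                hits[img].add("Checks computer location settings")
            elif UNINSTALL_KEY in obj:
                hits[img].add("Checks installed software on the system")
            elif any(m in obj for m in WALLET_MARKERS):
                hits[img].add("Accesses cryptocurrency files/wallets")
    return dict(hits)


# Constructed hypothetical paths and events; not from the sandbox run.
DROPPER = r"C:\Users\victim\AppData\Local\Temp\setup.exe"
STAGE2 = r"C:\Users\victim\AppData\Local\Temp\IXP000.TMP\stage2.exe"
SIDE_DLL = r"C:\Users\victim\AppData\Local\Temp\IXP000.TMP\helper.dll"
BROWSER = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
SID = r"HKU\S-1-5-21-1111-2222-3333-1001"

SAMPLE_EVENTS = [
    {"EventID": 11, "Image": DROPPER, "TargetFilename": STAGE2},
    {"EventID": 11, "Image": DROPPER, "TargetFilename": SIDE_DLL},
    {"EventID": 1, "Image": STAGE2, "ParentImage": DROPPER},
    {"EventID": 7, "Image": STAGE2, "ImageLoaded": SIDE_DLL},
    {"EventID": 4663, "ProcessName": STAGE2,
     "ObjectName": r"\REGISTRY\USER\S-1-5-21-1111-2222-3333-1001\Control Panel\International\Geo"},
    {"EventID": 4663, "ProcessName": STAGE2,
     "ObjectName": r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"EventID": 4663, "ProcessName": STAGE2,
     "ObjectName": r"C:\Users\victim\AppData\Roaming\Electrum\wallets\default_wallet"},
    {"EventID": 13, "Image": STAGE2, "Details": STAGE2,
     "TargetObject": SID + r"\Software\Microsoft\Windows\CurrentVersion\Run\stage2"},
    {"EventID": 3, "Image": STAGE2, "DestinationIp": "176.113.115.145", "DestinationPort": 4125},
    {"EventID": 3, "Image": STAGE2, "DestinationIp": "77.91.124.207", "DestinationPort": 80},
    # benign noise: a browser TLS connection and Explorer writing a view setting
    {"EventID": 3, "Image": BROWSER, "DestinationIp": "203.0.113.10", "DestinationPort": 443},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe", "Details": "1",
     "TargetObject": SID + r"\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden"},
]

if __name__ == "__main__":
    for image, sigs in triage(SAMPLE_EVENTS).items():
        print(image)
        for sig in sorted(sigs):
            print("  -", sig)
```

Matching on host:port covers both RedLine configs, since "rosn" and "nord" share the same C2; the per-build auth_value is left out of the detection logic. The "Executes dropped EXE" hit is attributed to the parent that launched the dropped file, matching how the report phrases the signature.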