General
- Target: fc0bcf3b8396dcb7e15b420c3921dfde881acc40a029ae562777c30188099a3e
- Size: 980KB
- Sample: 230411-l8es7sde2s
- MD5: 5e129c0f1a71240c4bc83e9a7c090550
- SHA1: b87abb1449929657e342f43f9c1209702661a207
- SHA256: fc0bcf3b8396dcb7e15b420c3921dfde881acc40a029ae562777c30188099a3e
- SHA512: fd40bb64594b80f39c7d21ab7a6dbe40259ff92892fa9f32e5e1a88a49b1c7f5599b4dd8c8092056d4468086c9ea7b766bacf64ae07ed89fd580819e2218f837
- SSDEEP: 24576:UyLj8tF4KIaTLD37WsHByL0Dr7FtRq4nzkO27nIS76mUWKYy8o:jktF3pTLOL0LlPz0heJ
Static task: static1
Malware Config
Extracted (redline)
- Family: redline
- Botnet: rosn
- C2: 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted (amadey)
- Family: amadey
- Version: 3.70
- C2: 77.91.124.207/plays/chapter/index.php
Extracted (redline)
- Family: redline
- Botnet: nord
- C2: 176.113.115.145:4125
- auth_value: ebb7d38cdbd7c83cf6363ef3feb3a530
Targets
- Target: fc0bcf3b8396dcb7e15b420c3921dfde881acc40a029ae562777c30188099a3e (the same sample listed under General above)
- Size: 980KB
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.