General
Target: 268915ceddc97a0ad97e9198f772c1d098d6a38785919fde03afddba747e3c37
Size: 981KB
Sample: 230411-m7tfmsdf9s
MD5: 7466fd999bad1d4048088a63ee61cee5
SHA1: aa6a44b5ad3b4efbdd048031389139108b084892
SHA256: 268915ceddc97a0ad97e9198f772c1d098d6a38785919fde03afddba747e3c37
SHA512: ca0f977d075118d16f875b6cafd7084dec69b8de0da217d409a4b9c1d658b113f494456b35e542790cc269026d392dbf176db9a79d326507a5f5f5653d6b8a06
SSDEEP: 24576:kyqGvOSefCTqrd1NRxX3c7Nicm855Z6W:zzvhJ4nc8q5m
Static task: static1

Malware Config
Extracted: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted: amadey
3.70
77.91.124.207/plays/chapter/index.php

Extracted: redline
nord
176.113.115.145:4125
auth_value: ebb7d38cdbd7c83cf6363ef3feb3a530
Targets
Target: 268915ceddc97a0ad97e9198f772c1d098d6a38785919fde03afddba747e3c37
Size: 981KB
MD5: 7466fd999bad1d4048088a63ee61cee5
SHA1: aa6a44b5ad3b4efbdd048031389139108b084892
SHA256: 268915ceddc97a0ad97e9198f772c1d098d6a38785919fde03afddba747e3c37
SHA512: ca0f977d075118d16f875b6cafd7084dec69b8de0da217d409a4b9c1d658b113f494456b35e542790cc269026d392dbf176db9a79d326507a5f5f5653d6b8a06
SSDEEP: 24576:kyqGvOSefCTqrd1NRxX3c7Nicm855Z6W:zzvhJ4nc8q5m
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.

Executes dropped EXE

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.