General
-
Target
3646ec76d4ec694bf606ebb03225b9896d7f06ad8ee3de835ad79f6ebb9a5c43
-
Size
981KB
-
Sample
230411-mkfahabh33
-
MD5
09a6cf2fa3eb58a4d6708c756dace815
-
SHA1
312096bf8c8bf89f0c050c9c100371a60bfd0ee6
-
SHA256
3646ec76d4ec694bf606ebb03225b9896d7f06ad8ee3de835ad79f6ebb9a5c43
-
SHA512
1aa94c1f9d2faea0300c02a08a6cbabb52abd935bf03fd7d41182cafa16b4f4e3f261843b2b902a207cfb1d733015564956290f7b8a421ed2242dde6fe78cd45
-
SSDEEP
24576:UyxmeQuBXDbBTjx3K2BG8eJwl7j0qad76eWJ+3hxVEFIkw:jKqXl5KjTwulGX+3OF
Malware Config
Extracted
Family
redline
Botnet
rosn
C2
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
Family
amadey
Version
3.70
C2
77.91.124.207/plays/chapter/index.php
Extracted
Family
redline
Botnet
nord
C2
176.113.115.145:4125
-
auth_value
ebb7d38cdbd7c83cf6363ef3feb3a530
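The extracted configuration above is the most actionable part of this report: two RedLine builds (botnet ids rosn and nord) share one C2 endpoint, and the Amadey loader has its own HTTP C2. The script below is an added example, not part of the sandbox report or of any vendor tooling; it parses the raw key/value order the sandbox emits for these two families (family, botnet id or version, C2, then auth_value) into hunting indicators and matches them against constructed Zeek conn.log-style lines. The log lines are made up for illustration; the IPs, ports, URL and auth values are the ones in the report.

```python
"""Turn the sandbox's extracted RedLine/Amadey configs into hunting indicators
and sweep network logs for contact with the listed C2 endpoints.

Added example, not code from the report. The log lines are constructed.
"""
from urllib.parse import urlsplit

# The three config blocks from the report, in the raw layout the sandbox emits.
CONFIG_TEXT = """\
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
amadey
3.70
77.91.124.207/plays/chapter/index.php
Extracted
redline
nord
176.113.115.145:4125
-
auth_value
ebb7d38cdbd7c83cf6363ef3feb3a530
"""


def parse_configs(text):
    """Split on 'Extracted' headers and label the fields per family.

    RedLine blocks: family, botnet id, host:port C2, optional auth_value.
    Amadey blocks:  family, version, C2 URL (the report omits the scheme).
    """
    configs = []
    for block in text.split("Extracted")[1:]:
        lines = [l.strip() for l in block.splitlines() if l.strip() and l.strip() != "-"]
        family = lines[0]
        cfg = {"family": family}
        if family == "redline":
            cfg["botnet"] = lines[1]
            host, port = lines[2].rsplit(":", 1)
            cfg["c2_host"], cfg["c2_port"] = host, int(port)
            if "auth_value" in lines:
                cfg["auth_value"] = lines[lines.index("auth_value") + 1]
        elif family == "amadey":
            cfg["version"] = lines[1]
            url = lines[2] if "://" in lines[2] else "http://" + lines[2]
            parts = urlsplit(url)
            cfg["c2_host"] = parts.hostname
            cfg["c2_port"] = parts.port or 80   # assumption: plain HTTP when no port is given
            cfg["c2_path"] = parts.path
        configs.append(cfg)
    return configs


def indicators(configs):
    """Deduplicated (host, port) pairs to hunt for; the two RedLine builds collapse to one."""
    return {(c["c2_host"], c["c2_port"]) for c in configs}


# Constructed conn.log-like lines: ts, src, sport, dst, dport, proto (tab separated).
SAMPLE_LOGS = """\
1681224001.120\t10.0.0.15\t49811\t176.113.115.145\t4125\ttcp
1681224002.330\t10.0.0.15\t49812\t142.250.74.78\t443\ttcp
1681224003.901\t10.0.0.22\t51201\t77.91.124.207\t80\ttcp
1681224004.010\t10.0.0.22\t51202\t77.91.124.207\t8080\ttcp
"""


def match_logs(log_text, iocs):
    """Return (src, dst, dport) for every connection to a known C2 endpoint."""
    hits = []
    for line in log_text.splitlines():
        _ts, src, _sport, dst, dport, _proto = line.split("\t")
        if (dst, int(dport)) in iocs:
            hits.append((src, dst, int(dport)))
    return hits


if __name__ == "__main__":
    cfgs = parse_configs(CONFIG_TEXT)
    for hit in match_logs(SAMPLE_LOGS, indicators(cfgs)):
        print("C2 contact:", hit)
```

Matching on host and port is right for the RedLine endpoint (a non-standard port on a bare IP). For the Amadey C2, port 80 to that address is the coarse indicator; in proxy or HTTP logs the request path /plays/chapter/index.php is the higher-fidelity match, and the auth_value strings are worth keeping as well because RedLine sends them in its C2 protocol and they identify the specific build.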
Targets
-
Target
3646ec76d4ec694bf606ebb03225b9896d7f06ad8ee3de835ad79f6ebb9a5c43
-
RedLine
RedLine Stealer is an information-stealing malware family written in C# (.NET), first seen in early 2020. It harvests saved browser credentials, cookies, cryptocurrency wallet files and system information and sends them to an operator-controlled C2; builds are identified by a botnet id and an auth_value, as in the configuration extracted above.
-
RedLine payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check used to avoid running on hosts in regions the operator excludes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-