General
- Target: e53060e334d42c2a331793a500ad4006909cb69750f99d2873331e5fa41927f0
- Size: 707KB
- Sample: 230411-mrazcsdf21
- MD5: 54d8bbfb1c748507da4afbebc5dbe6c2
- SHA1: 785ee902b7f84f7f7ed15aa1428ecb958d734894
- SHA256: e53060e334d42c2a331793a500ad4006909cb69750f99d2873331e5fa41927f0
- SHA512: 00e808df1c643d9f538eb574b90950221375bf730f7a62f424ee3b45da329af4bc17c0382b3fef0c473f6e2746addb23252c42ae67fe35a4d9969936f2493e7b
- SSDEEP: 12288:6MrKy90+obV6MI3zKY6epsor06ZuP1iw7tuuM4pMv3WSY15bMb8:YyxYhgH6ir06Zu9iw7jMDv3WSadc8
Static task: static1

Malware Config
Extracted: redline
- rosn
- 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
- nahui
- 176.113.115.145:4125
- auth_value: b9ed10946d21e28d58d0c72c535cde6f
Extracted: amadey
- 3.70
- 77.91.124.207/plays/chapter/index.php
Targets
- Target: e53060e334d42c2a331793a500ad4006909cb69750f99d2873331e5fa41927f0 (707KB; same file and hashes as listed under General)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.