General
Target: 31f538bd36c6f7bcb7aa1a0d692284ba917a7b4e256ac77c8e2e1334fa93b0e7
Size: 843KB
Sample: 230411-mreybadf3t
MD5: 24d141f8e1a0395c56c76116eec20651
SHA1: e089786e9ab2cb2c60097f22f10c5a90bb755d84
SHA256: 31f538bd36c6f7bcb7aa1a0d692284ba917a7b4e256ac77c8e2e1334fa93b0e7
SHA512: a43ac639c6f1e0ed3c25c0a2c9f90e59a2d6b2d0427811ca3257c9fcd425ef7302816a06d0718515d22450beaaa271f31af54226888925030a181d06e23a86ce
SSDEEP: 24576:9y+rfR++Hi+FUP2DLrmQ+U76SDeeUtBy9r:YgfjizP2DdtbFUtBy
Static task: static1
Malware Config
Extracted: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
nahui
176.113.115.145:4125
auth_value: b9ed10946d21e28d58d0c72c535cde6f
Extracted: amadey
3.70
77.91.124.207/plays/chapter/index.php
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.