General
- Target: ce0660fda4c9b14e52a913cbeb7bcf1ec0d875caf19c27afab15e3af1f2584e4
- Size: 983KB
- Sample: 230411-mva4jabh84
- MD5: 06b57e3128fc523c5777f7eb802445e2
- SHA1: c43c3ebcf884a9d8a64b00949277c687e8bac795
- SHA256: ce0660fda4c9b14e52a913cbeb7bcf1ec0d875caf19c27afab15e3af1f2584e4
- SHA512: 0abddb6eadc12c314cff6534c65af307c0aa438d17eeeaa8acb921458287d15885ea90f41ffc47cea3fac894c8a9daa9ca84e10f819e14a764ac29f59a2530ca
- SSDEEP: 24576:jyv/P6xRBRTNY00cmLE0+WInioIUr6mFyXmM:2v/4R5KcmCV1JD
Static task
- static1

Malware Config
- Extracted: redline
  - rosn
  - 176.113.115.145:4125
  - auth_value: 050a19e1db4d0024b0f23b37dcf961f4
- Extracted: amadey
  - 3.70
  - 77.91.124.207/plays/chapter/index.php
- Extracted: redline
  - nord
  - 176.113.115.145:4125
  - auth_value: ebb7d38cdbd7c83cf6363ef3feb3a530
Targets
- Target: ce0660fda4c9b14e52a913cbeb7bcf1ec0d875caf19c27afab15e3af1f2584e4
- Size: 983KB
- MD5: 06b57e3128fc523c5777f7eb802445e2
- SHA1: c43c3ebcf884a9d8a64b00949277c687e8bac795
- SHA256: ce0660fda4c9b14e52a913cbeb7bcf1ec0d875caf19c27afab15e3af1f2584e4
- SHA512: 0abddb6eadc12c314cff6534c65af307c0aa438d17eeeaa8acb921458287d15885ea90f41ffc47cea3fac894c8a9daa9ca84e10f819e14a764ac29f59a2530ca
- SSDEEP: 24576:jyv/P6xRBRTNY00cmLE0+WInioIUr6mFyXmM:2v/4R5KcmCV1JD

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.