General
- Target: 743fb3c3a09762c323f45a99c2a19e5c9dbfb40e89a8229ba6c9b7f8cc5509c4
- Size: 844KB
- Sample: 230411-n4bxvsdh8v
- MD5: 83ed18a947d15e57ec7b7af80b7dff14
- SHA1: da401f41acc445d4cdc214ea0d15291e9e882c6a
- SHA256: 743fb3c3a09762c323f45a99c2a19e5c9dbfb40e89a8229ba6c9b7f8cc5509c4
- SHA512: 856d147fee013c84a63fcf77e830f9275466b8ff17a7ac26530d0acdb2208b6efeaf2234208fea98e0d30d8a7c04b4331d3b644f1d07d46ff7f8a901168b271b
- SSDEEP: 12288:TMrjy90aruiXCIFZpGBD3G5nTjK++rbAtvfduT8rcqCDQxfe5c9SEKrNjBg9ToJ:MyLrhCIFfCDW5nn+rbWnaDofYGEr8Q
Static task
- static1

Malware Config
- Extracted: redline, rosn, 176.113.115.145:4125, auth_value 050a19e1db4d0024b0f23b37dcf961f4
- Extracted: redline, nahui, 176.113.115.145:4125, auth_value b9ed10946d21e28d58d0c72c535cde6f
- Extracted: amadey, 3.70, 77.91.124.207/plays/chapter/index.php
Targets
- Target: 743fb3c3a09762c323f45a99c2a19e5c9dbfb40e89a8229ba6c9b7f8cc5509c4
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.