General
Target: 69b7d4edf3e7170dbbc104ac4a5123c5caa1f0392cac24adba3d35225d38a3cd
Size: 993KB
Sample: 230411-n9m73sea3s
MD5: 359b18a633c5992c1556cec0ce930cfd
SHA1: 2989de2f7642fc7904f3c71f5b845d537f57231b
SHA256: 69b7d4edf3e7170dbbc104ac4a5123c5caa1f0392cac24adba3d35225d38a3cd
SHA512: cc453d542a28b7624d8cf5cd42a0950b5e84447f62c1f90e59acbd44f058694b8cbbdb57cb75a7ecc2ed5fcc2a1d0d019da04f497a131bba6a5075ce1beedc84
SSDEEP: 24576:MyKk1Zsjr4gH8bIvV7QQ8CdjWDLx2z3zQnhIRrORx:7Vyn4gc8yjDLxnh06
Static task: static1
Malware Config
Extracted: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: amadey
3.70
77.91.124.207/plays/chapter/index.php
Extracted: redline
maxi
185.161.248.90:4125
auth_value: 6a3f22e5f4209b056a3fd330dc71956a
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.