General
Target: 4615c584ae485f250b22b7fc79e03de71fe66621c32a9cee0599db6bcdd94228
Size: 844KB
Sample: 230411-nbvt9sca67
MD5: 452d6fa7c898585d6fe9a212b6f30aa7
SHA1: 71bf6d4bb7bc5f47c66157d19db7b876cdf0f715
SHA256: 4615c584ae485f250b22b7fc79e03de71fe66621c32a9cee0599db6bcdd94228
SHA512: 49b9d04080a5ab0010292a24a13facc2388e25543d83f8bdf0d5e4da8d81f298eb9b0d962f6e37adc1c0b8c16d35f841dd2ffc27e068cde98ce3174cc9ac6586
SSDEEP: 24576:ByRGc/vwevMGsIJvr06a6Y8LloQDjmmOCvYBli:0R/vwe0gop2S3LCvY
Static task: static1
Malware Config
Extracted: RedLine
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: RedLine
Botnet: nahui
C2: 176.113.115.145:4125
auth_value: b9ed10946d21e28d58d0c72c535cde6f
Extracted: Amadey
Version: 3.70
C2: 77.91.124.207/plays/chapter/index.php
Both RedLine builds report to the same C2 socket; they differ only in botnet ID and auth_value (the per-build authorization token the client presents at check-in). The Amadey entry is the panel path the loader reaches over HTTP, so it should be matched on host plus URI rather than on the IP alone.
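The following is an added example, not part of the sandbox report, showing how the two extracted C2 indicators would be matched against network logs. The indicators are the ones listed above; the log lines are constructed for the example, and the two formats parsed (a Zeek-style conn.log line and a Squid-style access.log line) are assumptions about what a SOC would have on hand. A connection to the Amadey host on another port counts only as a host-only hit, because the config gives a URI, not a port.

```python
"""Match the C2 indicators from the Malware Config section against log lines.

Added example (not the sandbox's code). Log formats and sample lines are
constructed assumptions; the IOC values come from the report above.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Ioc:
    family: str
    host: str
    port: Optional[int] = None   # RedLine talks to a raw TCP port
    path: Optional[str] = None   # Amadey posts to an HTTP panel path


# Indicators taken from the extracted configs.
IOCS = [
    Ioc("RedLine (botnets rosn, nahui)", "176.113.115.145", port=4125),
    Ioc("Amadey 3.70", "77.91.124.207", path="/plays/chapter/index.php"),
]


@dataclass(frozen=True)
class Hit:
    line_no: int
    family: str
    client: str
    confidence: str   # "exact" (host+port or host+path) or "host-only"
    evidence: str


# Zeek conn.log: ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto ...
ZEEK_CONN = re.compile(
    r"^(?P<ts>\S+)\s+(?P<uid>\S+)\s+(?P<src>\S+)\s+\d+\s+(?P<dst>\S+)\s+(?P<dport>\d+)\s+(?P<proto>\w+)"
)
# Squid native access.log: ts elapsed client code/status bytes method url ...
SQUID = re.compile(
    r"^(?P<ts>\S+)\s+\d+\s+(?P<src>\S+)\s+\S+\s+\d+\s+(?P<method>\w+)\s+(?P<url>\S+)"
)


def match_line(line_no: int, line: str) -> Optional[Hit]:
    """Return a Hit if the line touches a known C2 host, else None."""
    m = ZEEK_CONN.match(line)
    if m:
        dst, dport = m["dst"], int(m["dport"])
        for ioc in IOCS:
            if dst != ioc.host:
                continue
            exact = ioc.port is not None and dport == ioc.port
            return Hit(line_no, ioc.family, m["src"],
                       "exact" if exact else "host-only", f"{m['proto']} {dst}:{dport}")
        return None
    m = SQUID.match(line)
    if m:
        u = urlsplit(m["url"])
        for ioc in IOCS:
            if u.hostname != ioc.host:
                continue
            exact = ioc.path is not None and u.path == ioc.path
            return Hit(line_no, ioc.family, m["src"],
                       "exact" if exact else "host-only", f"{m['method']} {m['url']}")
    return None


def scan(lines: Iterable[str]) -> List[Hit]:
    hits = []
    for n, line in enumerate(lines, 1):
        h = match_line(n, line)
        if h is not None:
            hits.append(h)
    return hits


# Constructed sample log (not real traffic): 3 Zeek conn lines, 2 Squid lines.
SAMPLE_LOG = """\
1681200001.000 C1 10.0.0.5 49812 176.113.115.145 4125 tcp
1681200002.000 C2 10.0.0.5 49813 142.250.74.110 443 tcp
1681200003.000 C3 10.0.0.7 49950 77.91.124.207 80 tcp
1681200004.123 45 10.0.0.7 TCP_MISS/200 512 POST http://77.91.124.207/plays/chapter/index.php - HIER_DIRECT/77.91.124.207 text/html
1681200005.456 30 10.0.0.9 TCP_MISS/200 2048 GET http://example.com/ - HIER_DIRECT/93.184.216.34 text/html
""".splitlines()

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"line {hit.line_no}: {hit.confidence:9} {hit.family} from {hit.client}: {hit.evidence}")
```

The host-only tier matters in practice: a Zeek conn entry only shows the Amadey host on port 80, and the exact match comes from the proxy log that carries the URI. Treat host-only hits as leads to pivot on, not as confirmed infections.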
Targets
Target: 4615c584ae485f250b22b7fc79e03de71fe66621c32a9cee0599db6bcdd94228
Size: 844KB (MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
RedLine
RedLine Stealer is an information stealer written in C# (.NET), first seen in early 2020 and sold as malware-as-a-service; it harvests browser credentials and cookies, cryptocurrency wallets, and system information and sends them to the configured C2.
RedLine payload: the RedLine stealer payload was identified.
Checks computer location settings: looks up the country code configured in the registry, likely a geofence check (the stealer commonly exits on certain country codes).
Executes dropped EXE: consistent with the sample acting as a loader that writes and launches the extracted RedLine and Amadey payloads.
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting: reads wallet files and directories, a RedLine stealer capability.
Adds Run key to start application: persistence through a value under ...\CurrentVersion\Run.
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
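To make the behavioural signatures above concrete, here is an added example (not the sandbox's own signature engine) that re-derives each of them from a per-process API trace. The trace records are constructed for the example; the registry paths, the wallet directory list, and the rule that "dropped" means written by the same process before being executed or loaded are assumptions that mirror what the signature names describe.

```python
"""Re-derive the report's behavioural signatures from an API trace.

Added example, not the sandbox's code. TRACE is constructed; key paths,
WALLET_DIRS and the drop-then-execute rule are assumptions.
"""
from collections import defaultdict
from typing import Dict, Iterable, List

# Constructed trace: one stealer-like process (1337) and one benign one (2048).
TRACE = [
    {"pid": 1337, "api": "RegQueryValueExW", "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"pid": 1337, "api": "RegEnumKeyExW",    "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"pid": 1337, "api": "RegEnumKeyExW",    "path": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"pid": 1337, "api": "CreateFileW",      "path": r"C:\Users\u\AppData\Roaming\Exodus\exodus.wallet\seed.seco", "access": "read"},
    {"pid": 1337, "api": "CreateFileW",      "path": r"C:\Users\u\AppData\Roaming\Electrum\wallets\default_wallet", "access": "read"},
    {"pid": 1337, "api": "CreateFileW",      "path": r"C:\Users\u\AppData\Local\Temp\stage2.exe", "access": "write"},
    {"pid": 1337, "api": "CreateFileW",      "path": r"C:\Users\u\AppData\Local\Temp\helper.dll", "access": "write"},
    {"pid": 1337, "api": "RegSetValueExW",   "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
                                             "data": r"C:\Users\u\AppData\Local\Temp\stage2.exe"},
    {"pid": 1337, "api": "CreateProcessW",   "path": r"C:\Users\u\AppData\Local\Temp\stage2.exe"},
    {"pid": 1337, "api": "LdrLoadDll",       "path": r"C:\Users\u\AppData\Local\Temp\helper.dll"},
    {"pid": 2048, "api": "CreateFileW",      "path": r"C:\Users\u\Documents\notes.txt", "access": "read"},
    {"pid": 2048, "api": "RegQueryValueExW", "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop"},
]

# Assumed wallet directory fragments (lower-case, backslash-delimited).
WALLET_DIRS = ("\\exodus\\", "\\electrum\\", "\\ethereum\\", "\\bitcoin\\", "\\atomic\\")

SIG_GEO      = "Checks computer location settings"
SIG_SOFTWARE = "Checks installed software on the system"
SIG_WALLET   = "Accesses cryptocurrency files/wallets, possible credential harvesting"
SIG_RUNKEY   = "Adds Run key to start application"
SIG_EXEC     = "Executes dropped EXE"
SIG_LOADDLL  = "Loads dropped DLL"


def evaluate(trace: Iterable[dict]) -> Dict[int, List[str]]:
    """Return {pid: sorted signature names} for every process that trips a rule."""
    dropped = defaultdict(set)   # pid -> executables/DLLs that pid wrote
    hits = defaultdict(set)
    for ev in trace:
        pid, api = ev["pid"], ev["api"]
        path = ev.get("path", "").lower()
        if api == "RegQueryValueExW" and path.endswith("\\control panel\\international\\geo\\nation"):
            hits[pid].add(SIG_GEO)
        if api.startswith("RegEnumKey") and path.endswith("\\currentversion\\uninstall"):
            hits[pid].add(SIG_SOFTWARE)
        if api == "CreateFileW":
            if ev.get("access") == "write" and path.endswith((".exe", ".dll")):
                dropped[pid].add(path)          # remember the drop for later rules
            elif any(frag in path for frag in WALLET_DIRS):
                hits[pid].add(SIG_WALLET)
        # "\run\" (not "\runonce\") under CurrentVersion, any hive
        if api == "RegSetValueExW" and "\\currentversion\\run\\" in path:
            hits[pid].add(SIG_RUNKEY)
        if api == "CreateProcessW" and path in dropped[pid]:
            hits[pid].add(SIG_EXEC)
        if api == "LdrLoadDll" and path in dropped[pid]:
            hits[pid].add(SIG_LOADDLL)
    return {pid: sorted(names) for pid, names in hits.items()}


if __name__ == "__main__":
    for pid, names in evaluate(TRACE).items():
        print(f"pid {pid}:")
        for name in names:
            print(f"  {name}")
```

The drop-then-execute rule is what separates "Executes dropped EXE" from an ordinary process launch: the path must first appear as a write by the same process. When porting this to real telemetry, note that Sysmon does not log registry reads, so the geofence and Uninstall-key signatures need an API-level or ETW registry source rather than Event IDs 12/13.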