General

Target: e2d0c7970bae86c26b80bb05a9a355a7ba1eb200cd557e750f205ad9b79b105e
Size: 844KB
Sample: 230411-ncrt1aca74
MD5: 94533c10e75b250aea4013b051a9af37
SHA1: 7b12129099e36cd1b75b048e680ebf6fe934a0b8
SHA256: e2d0c7970bae86c26b80bb05a9a355a7ba1eb200cd557e750f205ad9b79b105e
SHA512: c2c4f7026e759026f564d744dcfea95dda498842a8f7eca4b4a5a49334906e6a5f7fa4920f524defe3fae11db8ef9b408b608c1ca427a51b67a94525fee19f7d
SSDEEP: 12288:6MrXy90djYaqaqr79+4hGboOD1m/rbB6rQ1gIRPjvFST3kEaSSZER7i6:Vy0kaqaPeEoORmrd6rFIRrvQTr6i77
Static task: static1

Malware Config

Extracted: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted: redline
Botnet: nahui
C2: 176.113.115.145:4125
auth_value: b9ed10946d21e28d58d0c72c535cde6f

Extracted: amadey
Version: 3.70
C2: 77.91.124.207/plays/chapter/index.php
Targets

Target: e2d0c7970bae86c26b80bb05a9a355a7ba1eb200cd557e750f205ad9b79b105e
Size: 844KB
MD5: 94533c10e75b250aea4013b051a9af37
SHA1: 7b12129099e36cd1b75b048e680ebf6fe934a0b8
SHA256: e2d0c7970bae86c26b80bb05a9a355a7ba1eb200cd557e750f205ad9b79b105e
SHA512: c2c4f7026e759026f564d744dcfea95dda498842a8f7eca4b4a5a49334906e6a5f7fa4920f524defe3fae11db8ef9b408b608c1ca427a51b67a94525fee19f7d
SSDEEP: 12288:6MrXy90djYaqaqr79+4hGboOD1m/rbB6rQ1gIRPjvFST3kEaSSZER7i6:Vy0kaqaPeEoORmrd6rFIRrvQTr6i77
Signatures

- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.