General
- Target: 1312d038a5cdc9870facb2a3bb7cb0943c3285a05c982c88a695090a2bcd1b19
- Size: 843KB
- Sample: 230411-nvp35adh21
- MD5: f480519022dd7a937c298707d71b65ed
- SHA1: 44c12bf9ee3e40273794a133a1eb793ecb08ae63
- SHA256: 1312d038a5cdc9870facb2a3bb7cb0943c3285a05c982c88a695090a2bcd1b19
- SHA512: 1b3d5cc8f350009053d58ec40d165000d5dda885de0832216b451afceccc11604f72986af3f3bf89da8b16baa1968a76660d73aeb665a822a8e7451d4ff55c7e
- SSDEEP: 12288:SMrxy90z6rFHmDz/A7o+BUZ2vER9Q0KzTL/C9Oc7P3nCDcxseJa0Eil+nL0dU8wC:rye6rUn0U+EOfrAOxD8sUaz9LG9Gas8
- Static task: static1
Malware Config
- Extracted: redline
  - rosn
  - 176.113.115.145:4125
  - auth_value: 050a19e1db4d0024b0f23b37dcf961f4
- Extracted: redline
  - nahui
  - 176.113.115.145:4125
  - auth_value: b9ed10946d21e28d58d0c72c535cde6f
- Extracted: amadey
  - 3.70
  - 77.91.124.207/plays/chapter/index.php
Targets
- Target: 1312d038a5cdc9870facb2a3bb7cb0943c3285a05c982c88a695090a2bcd1b19
- Size: 843KB
- MD5: f480519022dd7a937c298707d71b65ed
- SHA1: 44c12bf9ee3e40273794a133a1eb793ecb08ae63
- SHA256: 1312d038a5cdc9870facb2a3bb7cb0943c3285a05c982c88a695090a2bcd1b19
- SHA512: 1b3d5cc8f350009053d58ec40d165000d5dda885de0832216b451afceccc11604f72986af3f3bf89da8b16baa1968a76660d73aeb665a822a8e7451d4ff55c7e
- SSDEEP: 12288:SMrxy90z6rFHmDz/A7o+BUZ2vER9Q0KzTL/C9Oc7P3nCDcxseJa0Eil+nL0dU8wC:rye6rUn0U+EOfrAOxD8sUaz9LG9Gas8
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.