General
Target: 29276b62aad766a3a9f46cd675b27cb0cdaaa7d6b5753dbee0d7fd2782716edf
Size: 980KB
Sample: 230411-nw1agscb72
MD5: 11f06274e00bfac7ad19d2d9d62f28eb
SHA1: cba45d75dc9a0d8b4ddc9ea4fbe1fbf4c3104ed5
SHA256: 29276b62aad766a3a9f46cd675b27cb0cdaaa7d6b5753dbee0d7fd2782716edf
SHA512: e011d85917061640f5e2a294b3035f048882b04ed591cbbe211c870e8a06dd8dadfe1b645358e71f3e48831e5d88d93fa41065fe85ed77c51533d8affc44a92f
SSDEEP: 24576:tye7V4ofyiQzKgMd7gkZdDf56NvFNYAXVX:ILiQDMd7jdDfSNr
Static task: static1
Malware Config
Extracted: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: amadey
Version: 3.70
C2: 77.91.124.207/plays/chapter/index.php
Extracted: redline
Botnet: nord
C2: 176.113.115.145:4125
auth_value: ebb7d38cdbd7c83cf6363ef3feb3a530
Targets
Target: 29276b62aad766a3a9f46cd675b27cb0cdaaa7d6b5753dbee0d7fd2782716edf
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.