General
Target: 1cc467c4d817d804c56b6509f394b0a8109d43a2a228d542b6b46c1e7197a910
Size: 981KB
Sample: 230411-nz117acb85
MD5: 6a7b73e00b29ff765e11e68bdb559dd4
SHA1: 2123c8330e24f39057655a6e8db0721b0c7eaa5e
SHA256: 1cc467c4d817d804c56b6509f394b0a8109d43a2a228d542b6b46c1e7197a910
SHA512: 31d2b204c2fe1d321d5f90827424496d11c5ff77914d7babdf49306ff49f4551a2082ef8926d0647c1547332e5a7ed7e15430274a3f192cbffba85b5429d28ac
SSDEEP: 12288:FMrhy909+pUcOkWiVlfYnxtzUhO0ukaHmvIMTTdkmDZxBeXmHy83CLpPEVmpy:YyGBElf8GEQI2nDDBGmS5dy
Static task: static1
Malware Config
Extracted: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: amadey
3.70
77.91.124.207/plays/chapter/index.php
Extracted: redline
nord
176.113.115.145:4125
auth_value: ebb7d38cdbd7c83cf6363ef3feb3a530
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.