General
Target: b2c1564d92d873f6efe834998b9929b00cf58dcbe4b871437a7ea18a733295cc
Size: 992KB
Sample: 230411-pchf1aea4s
MD5: 5a34f57d167b956167913fca583b110d
SHA1: bebac3c0ae0386aeb58d31d58f62dbc787c24a87
SHA256: b2c1564d92d873f6efe834998b9929b00cf58dcbe4b871437a7ea18a733295cc
SHA512: 0cefdf4aceaec457c27059915dc5b15d7e94f96fd46d64d19e6c523b6765a7e70df4a47548ac1541f7ebdf9db1c4e1ea6e8c95b695f13d3feb45d7166d6a6c5d
SSDEEP: 24576:ty8UQWkGltGFfGN0tDDMEAg/LIun0R23:I8UQrGlWGNiDD0un0
Static task: static1
Malware Config

Extracted: redline
Botnet: rosn
C2: 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted: amadey
Version: 3.70
C2: 77.91.124.207/plays/chapter/index.php

Extracted: redline
Botnet: maxi
C2: 185.161.248.90:4125
auth_value: 6a3f22e5f4209b056a3fd330dc71956a
Targets
Target: b2c1564d92d873f6efe834998b9929b00cf58dcbe4b871437a7ea18a733295cc (hashes as listed under General above)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.

Executes dropped EXE

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software installed on the system.