General
Target: 9a66832667a02b8419d2376744c9c5787e158522a0bf931048434bb2012a1222
Size: 1002KB
Sample: 230411-pl7ggsea8s
MD5: 2d10819f296f050e1f0da72cee2b4a62
SHA1: 52279aac586899ee6ca7dc0936b0206924c95056
SHA256: 9a66832667a02b8419d2376744c9c5787e158522a0bf931048434bb2012a1222
SHA512: 151d65fa8a8b6aab897d247bf2a47091998622f8d9c6a8394fc9310c368a40ee1995e3d0b67a9b532aba9a3aab176c172ef00f22f9c621add79decab50a01f58
SSDEEP: 12288:EMr0y90Q7v+yIQ4wTuCP6dzHqveTYT/Fg/wa6d/6p9uGDvW8SToXpwhQoCR7IS1T:YyDVch2Uya8/yNW9UNlt1AN1bZiz/d
Static task: static1
Malware Config
Extracted: redline
  rosn
  176.113.115.145:4125
  auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: amadey
  3.70
  77.91.124.207/plays/chapter/index.php
Extracted: redline
  maxi
  185.161.248.90:4125
  auth_value: 6a3f22e5f4209b056a3fd330dc71956a
Targets
Target: 9a66832667a02b8419d2376744c9c5787e158522a0bf931048434bb2012a1222
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.