General
Target: a7ff9b7f38f148e0c00af722b8033263b4a2b9b9766025a70c9182917b0b387c
Size: 1.5MB
Sample: 230414-fcjvdshf4v
MD5: b31643a72a9c5b90b56ff51629f59933
SHA1: d048b60d520c7806366ace2e036be10c04750f17
SHA256: a7ff9b7f38f148e0c00af722b8033263b4a2b9b9766025a70c9182917b0b387c
SHA512: 446910d5a25b6bac3a1f541a71956d0b2a0423d694e56c83b68cf5337479a3ed1aa2289c3394b0a7cc5118d3887d1a1718ce6f84e1876e2bdbc80dd7e6d46ad7
SSDEEP: 24576:lyJP9+evygsQrqHk4lnwLWuHIG2C/bNzAlh4eJ8RaRtq32BvwN9qqSLb8yE6Z:AJ1+iuQrqHfruHIGtUlh4acaBiExb8y
Static task
static1

Malware Config
Extracted: redline
  lada
  185.161.248.90:4125
  auth_value: 0b3678897547fedafe314eda5a2015ba
Extracted: amadey
  3.70
  193.201.9.43/plays/chapter/index.php
Extracted: redline
  masi
  185.161.248.90:4125
  auth_value: 6e26457e57602c4cf35356c36d8dd8e8
Targets
Target: a7ff9b7f38f148e0c00af722b8033263b4a2b9b9766025a70c9182917b0b387c
Size: 1.5MB
MD5: b31643a72a9c5b90b56ff51629f59933
SHA1: d048b60d520c7806366ace2e036be10c04750f17
SHA256: a7ff9b7f38f148e0c00af722b8033263b4a2b9b9766025a70c9182917b0b387c
SHA512: 446910d5a25b6bac3a1f541a71956d0b2a0423d694e56c83b68cf5337479a3ed1aa2289c3394b0a7cc5118d3887d1a1718ce6f84e1876e2bdbc80dd7e6d46ad7
SSDEEP: 24576:lyJP9+evygsQrqHk4lnwLWuHIG2C/bNzAlh4eJ8RaRtq32BvwN9qqSLb8yE6Z:AJ1+iuQrqHfruHIGtUlh4acaBiExb8y
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.