General
Target: 2f66027b1c32da91bb962617ca116c03109c1582cff6ef32759a751e21cd689a
Size: 1.2MB
Sample: 230414-kwc86shc49
MD5: d10803647e6ac1fcee5186444895924f
SHA1: 5bf42516b1cb40d846df237ee978cb316d8fa484
SHA256: 2f66027b1c32da91bb962617ca116c03109c1582cff6ef32759a751e21cd689a
SHA512: c96c3d856e75ef5e1780f44778648b2bd8fb65b3f360c8fdabb0b9c3865658147a44eb2c619e2bfba274d491bdf71af48828d6e5ac892492b621b20d54c8732c
SSDEEP: 24576:5yConFqQkWlRwQKdf1C0QhPGII6OVqNr149N3TL3quNE7OmZ:sCon0T4RmC0oPGIjYqNr1Md7m
Static task: static1
Malware Config
Extracted: redline
Botnet: lada
C2: 185.161.248.90:4125
auth_value: 0b3678897547fedafe314eda5a2015ba
Extracted: redline
Botnet: disa
C2: 185.161.248.90:4125
auth_value: 93f8c4ca7000e3381dd4b6b86434de05
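The two extracted configurations share one C2 endpoint and differ only in botnet name and auth_value, so the useful network indicator is the host:port pair rather than either auth_value. The Python below is added here as an example; it is not part of the sandbox report or of the RedLine sample. It parses the flattened config block as it appears on this page into indicators and sweeps them across firewall log lines. The log lines are constructed for illustration, and the assumed layout (family, botnet, host:port, then attribute name/value pairs, with `-` as a separator and `auth_value` as the only attribute) is taken from the page, not from any extractor's documented schema.

```python
"""Turn the flattened RedLine config block from a sandbox report into
indicators and sweep them across firewall log lines.

Added example; not part of the sandbox report or of RedLine itself.
The report text is copied from the page; the log lines are constructed.
"""
import re
from collections import defaultdict

# The "Malware Config" section exactly as the flattened report presents it.
REPORT_CONFIG = """\
Malware Config
Extracted
redline
lada
185.161.248.90:4125
-
auth_value
0b3678897547fedafe314eda5a2015ba
Extracted
redline
disa
185.161.248.90:4125
-
auth_value
93f8c4ca7000e3381dd4b6b86434de05
Targets
"""

HOST_PORT = re.compile(r"^(?P<host>[A-Za-z0-9.\-]+):(?P<port>\d{1,5})$")
ATTRIBUTE_KEYS = {"auth_value"}  # assumption: the only attribute this layout carries


def parse_extracted_configs(text):
    """Split the flattened report into one dict per 'Extracted' block.

    Assumed layout (matches the page): family, botnet, a host:port C2 line,
    then attribute name/value pairs; '-' lines are separators and the
    'Targets' heading ends the config section.
    """
    configs, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Extracted":
            current = {"family": None, "botnet": None, "c2": [], "attributes": {}}
            configs.append(current)
            continue
        if line == "Targets":
            break
        if current is None or line in ("", "-"):
            continue
        if current["family"] is None:
            current["family"] = line
        elif current["botnet"] is None:
            current["botnet"] = line
        elif HOST_PORT.match(line):
            current["c2"].append(line)
        elif line in ATTRIBUTE_KEYS:
            current["_pending"] = line          # next line is this attribute's value
        elif current.get("_pending"):
            current["attributes"][current.pop("_pending")] = line
    return configs


def c2_indicators(configs):
    """Map each C2 host to the ports and botnet names that use it."""
    hosts = defaultdict(lambda: {"ports": set(), "botnets": set()})
    for cfg in configs:
        for c2 in cfg["c2"]:
            m = HOST_PORT.match(c2)
            hosts[m["host"]]["ports"].add(int(m["port"]))
            hosts[m["host"]]["botnets"].add(cfg["botnet"])
    return dict(hosts)


# Constructed firewall log lines: timestamp, src, '->', dst:port, extra fields.
FIREWALL_LOG = [
    "2023-04-14T10:12:03Z 10.0.0.15:51234 -> 185.161.248.90:4125 proto=tcp bytes=8192",
    "2023-04-14T10:12:05Z 10.0.0.15:51236 -> 93.184.216.34:443 proto=tcp bytes=1200",
    "2023-04-14T10:13:11Z 10.0.0.22:49801 -> 185.161.248.90:80 proto=tcp bytes=300",
]
LOG_LINE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>[^:\s]+):(?P<dport>\d+)")


def sweep_log(log_lines, indicators):
    """Return (line_index, src, verdict) for every line touching a known C2 host.

    'exact' means host and port match the extracted config; 'host-only' means
    the same host on another port, which is weaker evidence (the address may
    be shared hosting) but still worth a look.
    """
    hits = []
    for i, line in enumerate(log_lines):
        m = LOG_LINE.match(line)
        if not m or m["dst"] not in indicators:
            continue
        verdict = "exact" if int(m["dport"]) in indicators[m["dst"]]["ports"] else "host-only"
        hits.append((i, m["src"], verdict))
    return hits


if __name__ == "__main__":
    cfgs = parse_extracted_configs(REPORT_CONFIG)
    ind = c2_indicators(cfgs)
    for host, info in ind.items():
        print(host, sorted(info["ports"]), sorted(info["botnets"]))
    for hit in sweep_log(FIREWALL_LOG, ind):
        print(hit)
```

Both botnet names collapse onto one indicator, which is the point of grouping by host before sweeping: a hit on 185.161.248.90:4125 cannot tell you which of the two configs the infected host carries, and only the exfiltrated auth_value would.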
Targets
Target: 2f66027b1c32da91bb962617ca116c03109c1582cff6ef32759a751e21cd689a
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings
  Looks up the country code configured in the registry, likely used as a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
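Three of the signatures above are registry behaviour: a locale lookup, enumeration of the Uninstall key, and a Run key write. Individually each is noisy (installers walk Uninstall, the shell reads locale settings), so a practitioner wants them scored per process rather than alerted one at a time. The Python below is an added example, not from the sandbox report or the RedLine sample. It takes a per-process registry trace and applies those three signatures together. The trace format, the specific locale values a geofence check reads (Geo\Nation and Nls\Language\InstallLanguage), the threshold of five Uninstall subkeys, and the list of user-writable directories are all assumptions; the report says only that a country code and Uninstall entries are read and that a Run key is added.

```python
"""Score the registry behaviour the report lists (locale lookup, Uninstall
enumeration, Run-key persistence) per process over a registry trace.

Added example; not from the sandbox report or the RedLine sample. The trace
format, locale keys, threshold and directory list are assumptions.
"""
from collections import defaultdict

# Assumption: (key, value) pairs a geofence check would query, lower-cased.
LOCALE_VALUES = {
    (r"hkcu\control panel\international\geo", "nation"),
    (r"hklm\system\currentcontrolset\control\nls\language", "installlanguage"),
}
UNINSTALL_PREFIX = "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\"
RUN_KEYS = {
    r"hkcu\software\microsoft\windows\currentversion\run",
    r"hklm\software\microsoft\windows\currentversion\run",
}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")
MIN_UNINSTALL_SUBKEYS = 5   # assumption: fewer reads look like an ordinary installer check


def uninstall_subkey(key):
    """Return the product subkey name if key sits under the Uninstall tree, else None."""
    if not key.upper().startswith(UNINSTALL_PREFIX.upper()):
        return None
    return key[len(UNINSTALL_PREFIX):].split("\\", 1)[0]


def score_trace(events):
    """events: dicts with pid, image, op (QueryValue/EnumKey/SetValue), key,
    value and data. Returns {pid: {"image": ..., "signatures": [...]}}."""
    per_pid = defaultdict(lambda: {"image": None, "locale": False,
                                   "uninstall": set(), "run": []})
    for ev in events:
        st = per_pid[ev["pid"]]
        st["image"] = ev["image"]
        key = ev["key"].lower()
        if ev["op"] == "QueryValue" and (key, (ev["value"] or "").lower()) in LOCALE_VALUES:
            st["locale"] = True
        sub = uninstall_subkey(ev["key"])
        if sub:
            st["uninstall"].add(sub.lower())
        if ev["op"] == "SetValue" and key in RUN_KEYS:
            st["run"].append((ev["value"], ev["data"] or ""))
    results = {}
    for pid, st in per_pid.items():
        sigs = []
        if st["locale"]:
            sigs.append("checks_computer_location")
        if len(st["uninstall"]) >= MIN_UNINSTALL_SUBKEYS:
            sigs.append("checks_installed_software")
        if st["run"]:
            sigs.append("adds_run_key")
            # A Run entry pointing into a user-writable directory is the
            # dropped-payload pattern, as opposed to an installed product.
            if any(any(d in data.lower() for d in USER_WRITABLE) for _, data in st["run"]):
                sigs.append("run_key_from_user_writable")
        results[pid] = {"image": st["image"], "signatures": sigs}
    return results


def triage(results, min_signatures=2):
    """PIDs whose behaviour stacks at least min_signatures of the report's signatures."""
    return sorted(pid for pid, r in results.items() if len(r["signatures"]) >= min_signatures)


def _ev(pid, image, op, key, value=None, data=None):
    return {"pid": pid, "image": image, "op": op, "key": key, "value": value, "data": data}


# Constructed trace: one dropped binary doing all three things, plus two
# benign processes that each trigger only one of the signatures.
DROPPED = r"C:\Users\user\AppData\Local\Temp\dropped.exe"
TRACE = [
    _ev(4120, DROPPED, "QueryValue", r"HKCU\Control Panel\International\Geo", "Nation"),
    *[_ev(4120, DROPPED, "EnumKey", UNINSTALL_PREFIX + f"{{0000-{i}}}") for i in range(6)],
    _ev(4120, DROPPED, "SetValue", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
        "Updater", r"C:\Users\user\AppData\Roaming\Updater\updater.exe"),
    *[_ev(880, r"C:\Windows\System32\msiexec.exe", "EnumKey",
          UNINSTALL_PREFIX + f"{{1111-{i}}}") for i in range(2)],
    _ev(1200, r"C:\Windows\explorer.exe", "QueryValue",
        r"HKCU\Control Panel\International\Geo", "Nation"),
]

if __name__ == "__main__":
    res = score_trace(TRACE)
    for pid in triage(res):
        print(pid, res[pid]["image"], res[pid]["signatures"])
```

Requiring two or more signatures from one process is what separates the dropped binary from explorer.exe reading the locale or msiexec.exe touching a couple of Uninstall entries; the user-writable Run path is the extra detail a responder would want alongside the hit.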