General
Target: e9ec17c27e5da7902e06488d0bb1258737fd0d3c1e3a996e39039ae6c8311b5c
Size: 1.2MB
Sample: 230317-2f7lhscc7v
MD5: 30ebaf8465eefe2fdda5456efbe5868a
SHA1: 27310ed399a2fab22e34a40576ebcd00da7aa825
SHA256: e9ec17c27e5da7902e06488d0bb1258737fd0d3c1e3a996e39039ae6c8311b5c
SHA512: 60990e9fde61621ba69469daa53bd5f73c00392ff29c3cedd3003c1be2a0be87361e0a4363d38d2073b0048db71dd8e033826980a4ee367004debccc89b6a468
SSDEEP: 24576:+gcL02I4/sr0X8KvEjUS3/XxExcPXxp2eCEpH:+gcL02Ix2SPX2+PX8
Static task: static1
Malware Config
Extracted: redline
  mango
  193.233.20.28:4125
  auth_value: ecf79d7f5227d998a3501c972d915d23
Extracted: redline
  laba
  193.233.20.28:4125
  auth_value: 2cf01cffff9092a85ca7e106c547190b
Extracted: amadey
  3.68
  31.41.244.200/games/category/index.php
Targets
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.