General

Target: b70244fea9f723f13635af383885cb35bf285388898c6cf77dce78205bf7bee9
Size: 1.2MB
Sample: 230317-3bfgxacd8v
MD5: 41c0ff0d4a7cf9c16389d7fb94125ac7
SHA1: 0ed7500b62e290bd8b8dfe460b1afa95134e2ea9
SHA256: b70244fea9f723f13635af383885cb35bf285388898c6cf77dce78205bf7bee9
SHA512: 5c94b5566870780e52227e91e1193f91792bd0899b39ac192b81e985f8f366e2da4bad73a8c6d3d2f1b73b7e49ea41a53c0556be4b64f1c1d184d2e9f0248ae4
SSDEEP: 24576:6R0UZCI3QO4SBX2HW6aKtofdutn6H/DsyM12qrkVI23iZix4+RAyLnH:6R0UZCmX4fW6aKoanJygrkVITH+z
Static task: static1

Malware Config

Extracted: redline
  mango
  193.233.20.28:4125
  auth_value: ecf79d7f5227d998a3501c972d915d23

Extracted: redline
  laba
  193.233.20.28:4125
  auth_value: 2cf01cffff9092a85ca7e106c547190b

Extracted: amadey
  3.68
  31.41.244.200/games/category/index.php
Targets

Target: b70244fea9f723f13635af383885cb35bf285388898c6cf77dce78205bf7bee9
Size: 1.2MB
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.