General
Target: 826f873166c599ebc441063308732ec768ef2c1a05a7e9ced57f2413f5e6cc9a
Size: 1.2MB
Sample: 230317-3hyl3aad83
MD5: 21460cc788ed47de2baf1c418a34b1f0
SHA1: 025cab8962fce662367958d5ea15d11fae6077bb
SHA256: 826f873166c599ebc441063308732ec768ef2c1a05a7e9ced57f2413f5e6cc9a
SHA512: ce6a9b5cd09d8a8a7dcc7931f8b2aa497d3235bcc6bf0114e4f6b594a825472a11ca85f4bde361f3b5c6f9239a2aa0bfb122456573ae0313ff0a42b6246d90b8
SSDEEP: 24576:KR0UZCI3QO4SBX2HW6aKtofdutn6H/DsyM12qrkVI23iZix4+RAyLnH:KR0UZCmX4fW6aKoanJygrkVITH+z
Static task: static1
Malware Config
Extracted: redline
  mango
  193.233.20.28:4125
  auth_value: ecf79d7f5227d998a3501c972d915d23
Extracted: redline
  laba
  193.233.20.28:4125
  auth_value: 2cf01cffff9092a85ca7e106c547190b
Extracted: amadey
  3.68
  31.41.244.200/games/category/index.php
Targets
RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.