General
Target: 38d5fad9dae258a25522d2fdc72e7284a9f6ebb761c5406cc475cd82cb2ba809
Size: 1.2MB
Sample: 230317-3xwq1sce6x
MD5: 7b32ac26aa1c15a95dcf8e5eb8b6162a
SHA1: e69cca128e2c9fecb608a4da5205c3588ae7cfdc
SHA256: 38d5fad9dae258a25522d2fdc72e7284a9f6ebb761c5406cc475cd82cb2ba809
SHA512: 2f354b2009dd901c2e69482f9f112decc758acf35284f0d452afc3741ebbc1ba22b2941949f104c54163502eac4bc0eac629bac8d576618d0d26f444c5eec117
SSDEEP: 24576:xR0UZCI3QO4SBX2HW6aKtofdutn6H/DsyM12qrkVI23iZix4+RAyLnH:xR0UZCmX4fW6aKoanJygrkVITH+z

Static task: static1
Malware Config

Extracted: redline
mango
193.233.20.28:4125
auth_value: ecf79d7f5227d998a3501c972d915d23

Extracted: redline
laba
193.233.20.28:4125
auth_value: 2cf01cffff9092a85ca7e106c547190b

Extracted: amadey
3.68
31.41.244.200/games/category/index.php
Targets

Target: 38d5fad9dae258a25522d2fdc72e7284a9f6ebb761c5406cc475cd82cb2ba809
Size: 1.2MB
MD5: 7b32ac26aa1c15a95dcf8e5eb8b6162a
SHA1: e69cca128e2c9fecb608a4da5205c3588ae7cfdc
SHA256: 38d5fad9dae258a25522d2fdc72e7284a9f6ebb761c5406cc475cd82cb2ba809
SHA512: 2f354b2009dd901c2e69482f9f112decc758acf35284f0d452afc3741ebbc1ba22b2941949f104c54163502eac4bc0eac629bac8d576618d0d26f444c5eec117
SSDEEP: 24576:xR0UZCI3QO4SBX2HW6aKtofdutn6H/DsyM12qrkVI23iZix4+RAyLnH:xR0UZCmX4fW6aKoanJygrkVITH+z

- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.