General

Target: 1df10f31db18721b5fe3f909a5c7a16e152f9c42882fd1282d55204a2c59a3f9
Size: 1.2MB
Sample: 230318-a5kdqsaf52
MD5: 39b03443b69d75cc80c45ab2a19b001b
SHA1: c2afe78863cf89433f104d61c5c9a1a1e2428747
SHA256: 1df10f31db18721b5fe3f909a5c7a16e152f9c42882fd1282d55204a2c59a3f9
SHA512: c7d23a27d881a869e774229a5ccc1e09899a0e2728049dc9c78f45a9560bfc0b8a75817c6457e896983555c0bca0cf5b82533506d53f143afff654a71107d4fe
SSDEEP: 24576:wo+BuoxpUBH8LNgZlSrq/SBxO5ZemkF0ol5LZchOIS:w+oxGBcLNg6q/CxsgRjlncE
Static task: static1
Malware Config

Three configurations were recovered from the sample: two RedLine builds that share one C2 endpoint but carry different botnet tags and auth_values (the per-build authorization token a RedLine client presents to its C2), and one Amadey 3.68 build with its own C2 URL.

Extracted: redline
Botnet: mango
C2: 193.233.20.28:4125
auth_value: ecf79d7f5227d998a3501c972d915d23

Extracted: redline
Botnet: laba
C2: 193.233.20.28:4125
auth_value: 2cf01cffff9092a85ca7e106c547190b

Extracted: amadey
Version: 3.68
C2: 31.41.244.200/games/category/index.php
Targets

Target: 1df10f31db18721b5fe3f909a5c7a16e152f9c42882fd1282d55204a2c59a3f9 (1.2MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed in the General section above)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check before the payload runs.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application (registry Run-key persistence)
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the host.
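To turn the extracted configuration and the behavioural signatures above into something an analyst can check against telemetry, the following Python script (an added example written for this page, not part of the sandbox report or of either malware family's code) takes the RedLine C2 endpoint, the Amadey C2 URL and the sample SHA256 from this report and matches them, together with the Run-key, Uninstall-key and country-code registry behaviours, against a set of constructed log lines. The log line format and the registry key paths used for the three behavioural checks are assumptions made for the example; the report names the behaviours, not the keys.

```python
"""Match the indicators and behaviours from the report above against log lines.

Added example. C2 endpoints, Amadey URL and sample hash are copied from the
report; every log line is constructed, and the registry paths used for the
behavioural checks are assumptions (the report names the behaviour only).
"""
import re
from dataclasses import dataclass
from typing import List

# --- Indicators taken from the extracted configs and hash block above ---
REDLINE_C2 = {("193.233.20.28", 4125)}
AMADEY_C2_URL = "31.41.244.200/games/category/index.php"
SAMPLE_SHA256 = "1df10f31db18721b5fe3f909a5c7a16e152f9c42882fd1282d55204a2c59a3f9"

# Registry locations behind the listed behaviours (assumed, not from the report).
RUN_KEY = "\\CurrentVersion\\Run\\"                  # "Adds Run key to start application"
UNINSTALL_KEY = "\\CurrentVersion\\Uninstall\\"      # "Checks installed software"
GEO_KEY = "Control Panel\\International\\Geo\\"      # "Checks computer location settings"

# Constructed sample telemetry (hypothetical format):
#   <ts> conn <src> -> <dst>:<port>
#   <ts> http <src> -> <dst>:<port> <METHOD> <url>
#   <ts> proc <image> sha256=<hash>
#   <ts> reg  <image> <SetValue|QueryValue> <key>
SAMPLE_LOGS = "\n".join([
    r"2023-03-18T10:01:02Z conn 10.0.0.12 -> 193.233.20.28:4125",
    r"2023-03-18T10:01:05Z conn 10.0.0.12 -> 142.250.74.46:443",
    r"2023-03-18T10:02:10Z http 10.0.0.12 -> 31.41.244.200:80 POST http://31.41.244.200/games/category/index.php",
    r"2023-03-18T10:03:00Z proc C:\Users\user\AppData\Local\Temp\setup.exe sha256=1DF10F31DB18721B5FE3F909A5C7A16E152F9C42882FD1282D55204A2C59A3F9",
    r"2023-03-18T10:03:01Z reg C:\Users\user\AppData\Local\Temp\setup.exe QueryValue HKCU\Control Panel\International\Geo\Nation",
    r"2023-03-18T10:03:02Z reg C:\Users\user\AppData\Local\Temp\setup.exe QueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName",
    r"2023-03-18T10:03:05Z reg C:\Users\user\AppData\Local\Temp\setup.exe SetValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater",
    r"2023-03-18T10:03:30Z proc C:\Windows\System32\notepad.exe sha256=0000000000000000000000000000000000000000000000000000000000000000",
    r"2023-03-18T10:03:31Z reg C:\Windows\System32\notepad.exe QueryValue HKCU\Software\Microsoft\Notepad\iWindowPosX",
])

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<kind>conn|http|proc|reg) (?P<rest>.*)$")
NET_RE = re.compile(r"^(?P<src>\S+) -> (?P<dst>[\d.]+):(?P<port>\d+)(?: (?P<method>[A-Z]+) (?P<url>\S+))?$")
PROC_RE = re.compile(r"^(?P<image>.+?) sha256=(?P<sha>[0-9a-fA-F]{64})$")
REG_RE = re.compile(r"^(?P<image>.+?) (?P<op>SetValue|QueryValue) (?P<key>.+)$")


@dataclass
class Hit:
    line_no: int
    tag: str        # which family / behaviour the line matched
    indicator: str  # the indicator or key that matched


def _normalise_url(url: str) -> str:
    """Drop the scheme and trailing slash so a proxy URL compares equal to the report's form."""
    return re.sub(r"^https?://", "", url, flags=re.I).rstrip("/")


def classify(line_no: int, kind: str, rest: str) -> List[Hit]:
    """Return every indicator/behaviour match for one parsed log line."""
    hits: List[Hit] = []
    if kind in ("conn", "http"):
        m = NET_RE.match(rest)
        if not m:
            return hits
        if (m["dst"], int(m["port"])) in REDLINE_C2:
            hits.append(Hit(line_no, "redline-c2", f"{m['dst']}:{m['port']}"))
        if m["url"] and _normalise_url(m["url"]) == AMADEY_C2_URL:
            hits.append(Hit(line_no, "amadey-c2", AMADEY_C2_URL))
    elif kind == "proc":
        m = PROC_RE.match(rest)
        if m and m["sha"].lower() == SAMPLE_SHA256:   # hashes are case-insensitive
            hits.append(Hit(line_no, "sample-hash", SAMPLE_SHA256))
    elif kind == "reg":
        m = REG_RE.match(rest)
        if m:
            key, op = m["key"], m["op"]
            if op == "SetValue" and RUN_KEY in key:
                hits.append(Hit(line_no, "persistence-runkey", key))
            elif op == "QueryValue" and UNINSTALL_KEY in key:
                hits.append(Hit(line_no, "enum-software", key))
            elif op == "QueryValue" and GEO_KEY in key:
                hits.append(Hit(line_no, "geofence-check", key))
    return hits


def scan(log_text: str) -> List[Hit]:
    """Scan newline-separated log text; lines that do not parse are ignored."""
    hits: List[Hit] = []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = LINE_RE.match(line)
        if m:
            hits.extend(classify(n, m["kind"], m["rest"]))
    return hits


if __name__ == "__main__":
    for h in scan(SAMPLE_LOGS):
        print(f"line {h.line_no}: {h.tag} ({h.indicator})")
```

A bare IP:port match on 193.233.20.28:4125 is the weakest of these signals (shared or reused hosting is common for stealer C2), so pair it with the process hash or the Amadey URL before escalating. The three registry checks only fire if the assumed key paths match what the endpoint sensor actually records, so adjust them to your telemetry rather than treating them as part of the report.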