General
- Target: 01fc9087574356e4757b44d7b721644caf5c65fae97f39b45d5f0e0a93b7e1c8
- Size: 1.2MB
- Sample: 230318-af9bkaae63
- MD5: db324812b4ef5e7e5db4386a99d0b087
- SHA1: 4158748604e8ea791cf75427c73f3c7c48b3ce1d
- SHA256: 01fc9087574356e4757b44d7b721644caf5c65fae97f39b45d5f0e0a93b7e1c8
- SHA512: 4276710a260a552641fa5205505b714f6ff6fb786c9e8af5f29f3a0cb2a58665ff1fdaba02faeed361fd96f3516299382686a869e777726bcc502b412c0b0f52
- SSDEEP: 12288:L2sUhqaHos981Gi6zpPQtL93nQWsSUpca6mBK6dMEd+R8onLPrDDB+aWeTQnrHHH:6JmLOpPeglpRbBKa+PnDvernoZOx9mH
- Static task: static1
Malware Config
- Extracted: redline
  mango
  193.233.20.28:4125
  auth_value: ecf79d7f5227d998a3501c972d915d23
- Extracted: redline
  laba
  193.233.20.28:4125
  auth_value: 2cf01cffff9092a85ca7e106c547190b
- Extracted: amadey
  3.68
  31.41.244.200/games/category/index.php
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.