General
Target: e8a10a7c507ee5bcad1209baa92c9334c35ea5bdb16a74a1e763bb939e9ccb2f
Size: 1.2MB
Sample: 230318-ahws9ace7z
MD5: 1aa19e1709f5bf79aae55375110077b4
SHA1: 51d01e2308e868be50bd3af35bd8262f3636a442
SHA256: e8a10a7c507ee5bcad1209baa92c9334c35ea5bdb16a74a1e763bb939e9ccb2f
SHA512: dc2f69e88cfd42332fa2cd9a8e8d9ce06010d7b9da356b43dbfcb9f616cb23534d6534c7b715c3dab4b0ead4198e987d1cd205de90da7af19ee76ccaa502df51
SSDEEP: 24576:+pQsfGjoufGJCgl9KDJU4x3FZHlc0nQAI7Hu7ecHHMnnxPiH7S:+h+0ufGQgl9ybfH2qQ1LqHohiH
Static task: static1
Malware Config
Extracted: redline
  mango
  193.233.20.28:4125
  auth_value: ecf79d7f5227d998a3501c972d915d23
Extracted: redline
  laba
  193.233.20.28:4125
  auth_value: 2cf01cffff9092a85ca7e106c547190b
Extracted: amadey
  3.68
  31.41.244.200/games/category/index.php
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.