General
Target: b7b39966adbfd0b4e3167fd9aed550b9e4a41f444818f784d1fec163374173ed
Size: 1.2MB
Sample: 230318-azwjtacf6s
MD5: b6129d3f4791139b2604dd670c21fefa
SHA1: 702724c79f601b6fa0d896a11ce107a4ce56770b
SHA256: b7b39966adbfd0b4e3167fd9aed550b9e4a41f444818f784d1fec163374173ed
SHA512: 1b42e0ca67a69dd61c8632e18a3062f725de10f6d20629cfc06b5e0e4d9e152c3626fcd45f31d2870e5d444925d9351ce7f3739c2b33a1d8e7e3abf6374efb3a
SSDEEP: 24576:fpQsfGjoufGJCgl9KDJU4x3FZHlc0nQAI7Hu7ecHHMnnxPiH7S:fh+0ufGQgl9ybfH2qQ1LqHohiH
Static task: static1
Malware Config

Extracted
Family: redline
Botnet: mango
C2: 193.233.20.28:4125
auth_value: ecf79d7f5227d998a3501c972d915d23

Extracted
Family: redline
Botnet: laba
C2: 193.233.20.28:4125
auth_value: 2cf01cffff9092a85ca7e106c547190b

Extracted
Family: amadey
Version: 3.68
C2: 31.41.244.200/games/category/index.php
Targets

Target: b7b39966adbfd0b4e3167fd9aed550b9e4a41f444818f784d1fec163374173ed
Size: 1.2MB
MD5: b6129d3f4791139b2604dd670c21fefa
SHA1: 702724c79f601b6fa0d896a11ce107a4ce56770b
SHA256: b7b39966adbfd0b4e3167fd9aed550b9e4a41f444818f784d1fec163374173ed
SHA512: 1b42e0ca67a69dd61c8632e18a3062f725de10f6d20629cfc06b5e0e4d9e152c3626fcd45f31d2870e5d444925d9351ce7f3739c2b33a1d8e7e3abf6374efb3a
SSDEEP: 24576:fpQsfGjoufGJCgl9KDJU4x3FZHlc0nQAI7Hu7ecHHMnnxPiH7S:fh+0ufGQgl9ybfH2qQ1LqHohiH

Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.