General
Target: af0a3d5e9e20ed15ce7e9bd2bbb9415378490f105df1e761b0833c86ee9920bb
Size: 1.2MB
Sample: 230318-b2f3ksag76
MD5: aefa9b2b258d0ad4a1a4943cd66e9716
SHA1: feaa73567e3996a3c091feed8512ac3b2795e429
SHA256: af0a3d5e9e20ed15ce7e9bd2bbb9415378490f105df1e761b0833c86ee9920bb
SHA512: ac84eac97cc28faa9ca2c1456bf3df644c28437c3e0928fd8133304b6b3a5a9310b68a65a44dba11712c9a5b6693d765654cd23db30181063f48ce7f5d9a4e3b
SSDEEP: 24576:N/2WGBYAAi70X42LDcFs2v/U4kKrT9dudKFtV:N7GH7Qxov/U49T9d
Static task: static1
Malware Config
Extracted: redline, mango, 193.233.20.28:4125
auth_value: ecf79d7f5227d998a3501c972d915d23
Extracted: redline, laba, 193.233.20.28:4125
auth_value: 2cf01cffff9092a85ca7e106c547190b
Extracted: amadey, 3.68, 31.41.244.200/games/category/index.php
Targets
Target: af0a3d5e9e20ed15ce7e9bd2bbb9415378490f105df1e761b0833c86ee9920bb
Size: 1.2MB (MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.