General
-
Target
01cbca0d651556e0b514032b834e981d37ef26003bc26a64d5c41a1af33eb138
-
Size
1.2MB
-
Sample
230318-cbj7zsah23
-
MD5
8b7ac01b9246eeb5b5f171f018f25bec
-
SHA1
3f8877737c06125c2bd54d5b12a66f6e51a34225
-
SHA256
01cbca0d651556e0b514032b834e981d37ef26003bc26a64d5c41a1af33eb138
-
SHA512
aa8a1b0005929d650b24f23e8ef00fe8041418b80955107fd6cf33cb3963c70e95aa8af56654c5ae608461b08648a1b32a5fdf391338a769da7e010ecdce6ceb
-
SSDEEP
24576:j/2WGBYAAi70X42LDcFs2v/U4kKrT9dudKFtV:j7GH7Qxov/U49T9d
Static task
static1
Malware Config
Extracted
redline
mango
193.233.20.28:4125
-
auth_value
ecf79d7f5227d998a3501c972d915d23
Extracted
redline
laba
193.233.20.28:4125
-
auth_value
2cf01cffff9092a85ca7e106c547190b
Extracted
amadey
3.68
31.41.244.200/games/category/index.php
Targets
-
-
Target
01cbca0d651556e0b514032b834e981d37ef26003bc26a64d5c41a1af33eb138
-
Size
1.2MB
-
MD5
8b7ac01b9246eeb5b5f171f018f25bec
-
SHA1
3f8877737c06125c2bd54d5b12a66f6e51a34225
-
SHA256
01cbca0d651556e0b514032b834e981d37ef26003bc26a64d5c41a1af33eb138
-
SHA512
aa8a1b0005929d650b24f23e8ef00fe8041418b80955107fd6cf33cb3963c70e95aa8af56654c5ae608461b08648a1b32a5fdf391338a769da7e010ecdce6ceb
-
SSDEEP
24576:j/2WGBYAAi70X42LDcFs2v/U4kKrT9dudKFtV:j7GH7Qxov/U49T9d
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-