General
Target: af972992247bceb05555701b809edd389d97016b8f067f3cbe65f1c96c223d1d
Size: 1.2MB
Sample: 230318-dwt4csda9w
MD5: eb07ab7cffbf8cccfa201aacca7c232d
SHA1: 195d46756edf58307cfbb58f8478a89e1c971c13
SHA256: af972992247bceb05555701b809edd389d97016b8f067f3cbe65f1c96c223d1d
SHA512: c5e3bf81a35793b39d13543a1f98776e7a4246f253c6610d375b0ca2ccb8052b3a35b3ae013e159dce45150e6d73ea98cc545ba1340154099e9f0f1045a4111c
SSDEEP: 24576:InLCqjLUI8q58upBK+vy+S2/Z8qqBrvDIV:ILNjLUd+bpBKqyc/GP
Static task: static1
Malware Config

Extracted
Family: redline
Botnet: mango
C2: 193.233.20.28:4125
auth_value: ecf79d7f5227d998a3501c972d915d23

Extracted
Family: redline
Botnet: laba
C2: 193.233.20.28:4125
auth_value: 2cf01cffff9092a85ca7e106c547190b

Extracted
Family: amadey
Version: 3.68
C2: 31.41.244.200/games/category/index.php
Targets
Target: af972992247bceb05555701b809edd389d97016b8f067f3cbe65f1c96c223d1d
Size: 1.2MB
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.