General
Target: 4ddc3a9a22b491504be0d1a87aff502275a5ed3fc83d469323ce6e91a63d651d
Size: 1.2MB
Sample: 230318-dxep3aba78
MD5: 60e92198b701d0efdc51158f4ba59723
SHA1: 2384770a73551ce399cdf3d39fa4b31aff12cb86
SHA256: 4ddc3a9a22b491504be0d1a87aff502275a5ed3fc83d469323ce6e91a63d651d
SHA512: 22d579303b7f7c80552335d7a0cbae3d9bed578fab59ef8edfa18c2894da0007c94102f9c358ea5fd26a9ea5390e4ac01e1b7910350ba810ea35efaa8919ced3
SSDEEP: 24576:QnLCqjLUI8q58upBK+vy+S2/Z8qqBrvDIV:QLNjLUd+bpBKqyc/GP
Static task: static1
Malware Config
Extracted: redline
  Botnet: mango
  C2: 193.233.20.28:4125
  auth_value: ecf79d7f5227d998a3501c972d915d23
Extracted: redline
  Botnet: laba
  C2: 193.233.20.28:4125
  auth_value: 2cf01cffff9092a85ca7e106c547190b
Extracted: amadey
  Version: 3.68
  C2: 31.41.244.200/games/category/index.php
Both RedLine configs point at the same C2 socket and differ only in botnet name and auth_value, which is consistent with two separately built RedLine payloads being carried by the sample. The Amadey C2 is recorded as host plus panel path with no scheme, so network matching on it should key on host and path rather than on a full URL.
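As an added example (not part of the sandbox report), the matcher below runs the extracted C2 indicators over connection and proxy log lines. Only the indicator values (193.233.20.28:4125 for RedLine, 31.41.244.200/games/category/index.php for Amadey) come from the configs above; the log formats, timestamps and internal addresses are constructed. Because the report gives the Amadey C2 without a scheme, URLs are reduced to host plus path before comparison.

```python
import re
from typing import Iterable, List, Optional

# Indicators copied from the extracted configs; everything else in this file is constructed.
REDLINE_C2 = {("193.233.20.28", 4125)}                    # RedLine, botnets "mango" and "laba"
AMADEY_C2 = {"31.41.244.200/games/category/index.php"}     # Amadey 3.68; no scheme given in the report

# Constructed firewall-style and proxy-style line formats (not a real product's format).
CONN_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>[\d.]+):\d+ dst=(?P<dst>[\d.]+):(?P<dport>\d+) proto=(?P<proto>\w+)$")
HTTP_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>[\d.]+) method=(?P<method>\w+) url=(?P<url>\S+)$")


def normalize_url(url: str) -> str:
    """Reduce a URL to host+path: strip scheme, query string and fragment."""
    url = re.sub(r"^[a-z][a-z0-9+.-]*://", "", url, flags=re.I)
    return re.split(r"[?#]", url, maxsplit=1)[0]


def match_line(line: str) -> Optional[dict]:
    """Return a hit record if the line touches one of the extracted C2 indicators."""
    m = CONN_RE.match(line)
    if m:
        key = (m["dst"], int(m["dport"]))
        if key in REDLINE_C2:
            return {"ts": m["ts"], "host": m["src"], "family": "redline",
                    "indicator": f"{key[0]}:{key[1]}"}
        return None
    m = HTTP_RE.match(line)
    if m:
        url = normalize_url(m["url"])
        if url in AMADEY_C2:
            return {"ts": m["ts"], "host": m["src"], "family": "amadey", "indicator": url}
    return None


def scan(lines: Iterable[str]) -> List[dict]:
    """Run the matcher over a log stream, skipping lines that parse as neither format."""
    return [hit for hit in (match_line(l.rstrip("\n")) for l in lines) if hit]


def infected_hosts(hits: Iterable[dict]) -> dict:
    """Group hits by internal host so each host gets one ticket listing the families seen."""
    out: dict = {}
    for h in hits:
        out.setdefault(h["host"], set()).add(h["family"])
    return out


# Constructed sample log; 198.51.100.7 and example.com are documentation addresses (benign traffic).
SAMPLE_LOG = [
    "2023-03-18T13:05:01Z src=10.0.0.15:49812 dst=193.233.20.28:4125 proto=tcp",
    "2023-03-18T13:05:02Z src=10.0.0.15:49813 dst=198.51.100.7:443 proto=tcp",
    "2023-03-18T13:05:09Z src=10.0.0.15 method=POST url=http://31.41.244.200/games/category/index.php",
    "2023-03-18T13:05:10Z src=10.0.0.15 method=GET url=http://31.41.244.200/games/category/index.php?id=1",
    "2023-03-18T13:06:00Z src=10.0.0.22:51000 dst=193.233.20.28:443 proto=tcp",
    "2023-03-18T13:06:03Z src=10.0.0.22 method=GET url=https://example.com/games/category/index.php",
]

if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for h in hits:
        print(f"{h['ts']} {h['host']} -> {h['family']} ({h['indicator']})")
    print(infected_hosts(hits))
```

The fifth sample line (10.0.0.22 reaching 193.233.20.28 on 443) deliberately does not fire: the RedLine match is on the exact ip:port pair the config names. Since a RedLine C2 port is chosen by the operator, widening the rule to any connection to 193.233.20.28 is a reasonable tuning step once that address is confirmed to be dedicated infrastructure.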
Targets
Target: 4ddc3a9a22b491504be0d1a87aff502275a5ed3fc83d469323ce6e91a63d651d
Size: 1.2MB
Hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): identical to the General section above.
- RedLine: RedLine Stealer is a malware family written in C#, first seen in early 2020.
- RedLine payload: a RedLine Stealer payload was identified in the sample.
- Executes dropped EXE: the sample writes an executable to disk and runs it.
- Accesses cryptocurrency files/wallets, possible credential harvesting.
- Adds Run key to start application: persistence through a value under Software\Microsoft\Windows\CurrentVersion\Run, so the payload is started again at logon.
- Checks installed software on the system: looks up entries under Software\Microsoft\Windows\CurrentVersion\Uninstall in the registry to enumerate the software installed on the host.