General
Target: 904d93615135edd4a96d5efe6b55d401affe15dd6ec59432ddb42215d3b7f06a
Size: 1.2MB
Sample: 230318-eg92psdb6t
MD5: b9c69302456292c5ae3136ee9df408e0
SHA1: 7eebe488191672c34d670bfa14f8577cc4c9d803
SHA256: 904d93615135edd4a96d5efe6b55d401affe15dd6ec59432ddb42215d3b7f06a
SHA512: 8580ce57bb16fa45f70d5d789f298fc3f7db9e520e38317450f3d452f2e7365da9802ca1ee59e1a56cbcb293fa512b047c481b4d462867ca5b028526cd8d0184
SSDEEP: 24576:gnLCqjLUI8q58upBK+vy+S2/Z8qqBrvDIV:gLNjLUd+bpBKqyc/GP
Static task: static1
Malware Config

Extracted
Family: redline
Botnet: mango
C2: 193.233.20.28:4125
auth_value: ecf79d7f5227d998a3501c972d915d23

Extracted
Family: redline
Botnet: laba
C2: 193.233.20.28:4125
auth_value: 2cf01cffff9092a85ca7e106c547190b

Extracted
Family: amadey
Version: 3.68
C2: 31.41.244.200/games/category/index.php
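Both RedLine configs above report the same C2 (193.233.20.28:4125) under different botnet names, and the Amadey config carries a URL path rather than a host:port, so a naive "one indicator per config" export would double-count the RedLine server and mis-type the Amadey entry. The following is an added example, not part of the sandbox report or of any vendor tooling: it parses the extracted-config block in the flattened, label-less form in which such pages are typically scraped (the sample string is constructed to mirror this report), builds one record per extracted config, and derives a deduplicated network-indicator list that records which family/botnet each C2 was seen in. The field names (`family`, `botnet`, `version`, `attributes`) are the author's own choice, not the sandbox's schema.

```python
"""Parse a flattened sandbox 'Malware Config' block into structured records
and derive deduplicated network indicators from them."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample: the extracted-config block of this report as it is
# scraped from the sandbox page (one value per line, '-' before attributes).
CONFIG_TEXT = """\
Malware Config
Extracted
redline
mango
193.233.20.28:4125
-
auth_value
ecf79d7f5227d998a3501c972d915d23
Extracted
redline
laba
193.233.20.28:4125
-
auth_value
2cf01cffff9092a85ca7e106c547190b
Extracted
amadey
3.68
31.41.244.200/games/category/index.php
Targets
"""

HOST_PORT = re.compile(r"^(?P<host>[\w.\-]+):(?P<port>\d{1,5})$")
HOST_PATH = re.compile(r"^(?P<host>[\w.\-]+)(?P<path>/\S*)$")
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
VERSION = re.compile(r"^\d+(\.\d+)+$")
SECTION_HEADINGS = {"Targets", "General", "Signatures"}


@dataclass
class C2:
    host: str
    port: Optional[int] = None   # None for URL-style C2s such as Amadey's
    path: Optional[str] = None   # None for host:port C2s such as RedLine's


@dataclass
class ExtractedConfig:
    family: str
    c2: List[C2] = field(default_factory=list)
    botnet: Optional[str] = None
    version: Optional[str] = None
    attributes: Dict[str, str] = field(default_factory=dict)


def parse_malware_config(text: str) -> List[ExtractedConfig]:
    """Split the block into one record per 'Extracted' entry."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    start = lines.index("Malware Config") + 1 if "Malware Config" in lines else 0
    section: List[str] = []
    for ln in lines[start:]:
        if ln in SECTION_HEADINGS:      # next report section: stop here
            break
        section.append(ln)

    configs: List[ExtractedConfig] = []
    i = 0
    while i < len(section):
        if section[i] != "Extracted":
            i += 1
            continue
        cfg = ExtractedConfig(family=section[i + 1].lower())
        i += 2
        while i < len(section) and section[i] != "Extracted":
            tok = section[i]
            if tok == "-":
                # A '-' separator introduces a key/value attribute pair.
                if i + 2 < len(section):
                    cfg.attributes[section[i + 1]] = section[i + 2]
                i += 3
                continue
            if (m := HOST_PORT.match(tok)):
                cfg.c2.append(C2(m["host"], int(m["port"])))
            elif (m := HOST_PATH.match(tok)):
                cfg.c2.append(C2(m["host"], path=m["path"]))
            elif IPV4.match(tok):
                cfg.c2.append(C2(tok))            # bare IP, port unknown
            elif VERSION.match(tok):
                cfg.version = tok
            else:
                cfg.botnet = tok                  # remaining free text is the botnet tag
            i += 1
        configs.append(cfg)
    return configs


def network_indicators(configs: List[ExtractedConfig]) -> List[dict]:
    """Deduplicate C2s across configs, keeping every family/botnet that used each."""
    seen: Dict[Tuple[str, Optional[int], Optional[str]], set] = {}
    for cfg in configs:
        label = cfg.family + (f"/{cfg.botnet}" if cfg.botnet else "")
        for c2 in cfg.c2:
            seen.setdefault((c2.host, c2.port, c2.path), set()).add(label)
    return [{"host": h, "port": p, "path": pa, "sources": sorted(src)}
            for (h, p, pa), src in seen.items()]


if __name__ == "__main__":
    for ioc in network_indicators(parse_malware_config(CONFIG_TEXT)):
        print(ioc)
```

Running the block prints two indicators, not three: the 193.233.20.28:4125 entry lists both `redline/laba` and `redline/mango` as sources, and the Amadey entry carries `path='/games/category/index.php'` with no port, which is the cue to treat it as an HTTP URL rather than a raw TCP endpoint when turning it into a network rule.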
Targets
Target: 904d93615135edd4a96d5efe6b55d401affe15dd6ec59432ddb42215d3b7f06a (size and hashes as listed under General)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures:
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.