General
- Target: a9a821f87b99e0d70bdbcfe4ff7a0786a4c41f704e3fd1f2525a799478fe6879
- Size: 1.2MB
- Sample: 230318-etv4babb86
- MD5: c681f3e304ce4f3435fc901a4d57eaf4
- SHA1: 52c513f0b80e4969a2bd50505c5a4f85102d61b5
- SHA256: a9a821f87b99e0d70bdbcfe4ff7a0786a4c41f704e3fd1f2525a799478fe6879
- SHA512: 7f4de9a6e3dc5ca1dffa5b33772b0e66e32a1c95e166adb1e695e395e11c44a1a73d5764c9d05a4e2535ae9b4f95fc25a988d738089d75609e547b3cfc91b1ea
- SSDEEP: 24576:InLCqjLUI8q58upBK+vy+S2/Z8qqBrvDIV:ILNjLUd+bpBKqyc/GP

Static task: static1
Malware Config
- Extracted: redline
  mango
  193.233.20.28:4125
  - auth_value: ecf79d7f5227d998a3501c972d915d23
- Extracted: redline
  laba
  193.233.20.28:4125
  - auth_value: 2cf01cffff9092a85ca7e106c547190b
- Extracted: amadey
  3.68
  31.41.244.200/games/category/index.php
Targets
- Target: a9a821f87b99e0d70bdbcfe4ff7a0786a4c41f704e3fd1f2525a799478fe6879
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.