General
Target: 9a3aba4ce4d13ea15f9063e8e67e2850e252ecf589342c62c2640418f00106ca
Size: 1.2MB
Sample: 230318-f69mxadd7y
MD5: 3e3ec34b5e81d42818fba15f706cb2f4
SHA1: 421675fe38b1f0fc64744f626413b01ccb704a70
SHA256: 9a3aba4ce4d13ea15f9063e8e67e2850e252ecf589342c62c2640418f00106ca
SHA512: bd3e06973b9e1da4731e7875f447bbd61e38a018c25f29c9f48bc0cf2f6b5f3f234da05deef09fd9a2bfecae016b4d424824d6998a7f9dfc9ac7045e456286e4
SSDEEP: 24576:inLCqjLUI8q58upBK+vy+S2/Z8qqBrvDIV:iLNjLUd+bpBKqyc/GP
Static task: static1
Malware Config
Extracted: redline
mango
193.233.20.28:4125
auth_value: ecf79d7f5227d998a3501c972d915d23
Extracted: redline
laba
193.233.20.28:4125
auth_value: 2cf01cffff9092a85ca7e106c547190b
Extracted: amadey
3.68
31.41.244.200/games/category/index.php
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.