General
-
Target
111903c2bbc48505e1828774b0be57fa683da563ddf6818b614426317ef2d7a3
-
Size
1.2MB
-
Sample
230318-f8ekjsdd8s
-
MD5
7ede101705bc0faab86b40312c81a631
-
SHA1
52f42b9ecd1c7e0bade4c726b73551cb0da8bfb3
-
SHA256
111903c2bbc48505e1828774b0be57fa683da563ddf6818b614426317ef2d7a3
-
SHA512
5755f537ed0cb4bda60a0fa518cc5feac5366a93bd33334a13c123dda9b09fb0b0d59ec9b2fcde9a2d2c00c9fa54defba73cfa1548c1e0231091872a94d431ac
-
SSDEEP
24576:ynLCqjLUI8q58upBK+vy+S2/Z8qqBrvDIV:yLNjLUd+bpBKqyc/GP
Static task
static1
Malware Config
Extracted
redline
mango
193.233.20.28:4125
-
auth_value
ecf79d7f5227d998a3501c972d915d23
Extracted
redline
laba
193.233.20.28:4125
-
auth_value
2cf01cffff9092a85ca7e106c547190b
Extracted
amadey
3.68
31.41.244.200/games/category/index.php
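The indicators extracted above are directly usable for retro-hunting. The script below is an added example (not part of the sandbox report) that turns the RedLine C2 endpoint and the Amadey check-in URL into a lookup and runs constructed connection and proxy log lines through it. Exact host:port or host+path matches are reported as high confidence; traffic to the same host on another port or path is reported at medium confidence, since stealer infrastructure is commonly reused. The log format, IP addresses other than the IOCs, and timestamps are made up for illustration; the http:// scheme on the Amadey URL is assumed only for parsing, as the report lists host and path.

```python
"""Match the C2 indicators from the "Malware Config" section against log lines.
Added example, not part of the sandbox report; the log format and sample
lines below are constructed for illustration."""
import re
from urllib.parse import urlsplit

# Indicators as listed in the report. Both RedLine botnets ("mango", "laba")
# report to the same endpoint; Amadey 3.68 checks in to an HTTP path.
REDLINE_C2 = "193.233.20.28:4125"
AMADEY_C2 = "31.41.244.200/games/category/index.php"  # report gives host/path, no scheme


def build_iocs():
    """Return (tcp, http, hosts): exact TCP endpoints, exact HTTP host+path
    pairs, and the bare hosts for lower-confidence infrastructure matches."""
    host, port = REDLINE_C2.rsplit(":", 1)
    tcp = {(host, int(port)): "redline"}
    u = urlsplit("http://" + AMADEY_C2)  # scheme assumed only so urlsplit can parse
    http = {(u.hostname, u.path): "amadey"}
    hosts = {host: "redline", u.hostname: "amadey"}
    return tcp, http, hosts


# Constructed log formats: a flow record and a proxy record.
CONN_RE = re.compile(
    r"^(?P<ts>\S+) conn src=(?P<src>[\d.]+):\d+ dst=(?P<dst>[\d.]+):(?P<dport>\d+)"
)
HTTP_RE = re.compile(
    r"^(?P<ts>\S+) http src=(?P<src>[\d.]+) (?P<method>[A-Z]+) (?P<url>\S+)"
)


def _hit(m, family, ioc, confidence):
    return {"ts": m["ts"], "src": m["src"], "family": family,
            "ioc": ioc, "confidence": confidence}


def scan(lines):
    """Return one hit dict per matching line, in log order."""
    tcp, http, hosts = build_iocs()
    hits = []
    for line in lines:
        m = CONN_RE.match(line)
        if m:
            key = (m["dst"], int(m["dport"]))
            if key in tcp:
                hits.append(_hit(m, tcp[key], f"{key[0]}:{key[1]}", "high"))
            elif m["dst"] in hosts:  # same host, different port
                hits.append(_hit(m, hosts[m["dst"]], m["dst"], "medium"))
            continue
        m = HTTP_RE.match(line)
        if m:
            u = urlsplit(m["url"])
            key = (u.hostname, u.path)
            if key in http:
                hits.append(_hit(m, http[key], m["url"], "high"))
            elif u.hostname in hosts:  # same host, different path
                hits.append(_hit(m, hosts[u.hostname], m["url"], "medium"))
    return hits


# Constructed sample traffic: two exact C2 contacts, two same-host near misses,
# and one unrelated flow.
SAMPLE_LOGS = [
    "2023-03-18T10:01:02Z conn src=10.0.0.15:49712 dst=193.233.20.28:4125 proto=tcp",
    "2023-03-18T10:01:05Z conn src=10.0.0.15:49713 dst=193.233.20.28:443 proto=tcp",
    "2023-03-18T10:02:11Z http src=10.0.0.15 POST http://31.41.244.200/games/category/index.php",
    "2023-03-18T10:02:30Z http src=10.0.0.22 GET http://31.41.244.200/robots.txt",
    "2023-03-18T10:03:00Z conn src=10.0.0.9:51000 dst=203.0.113.7:443 proto=tcp",
]

if __name__ == "__main__":
    for h in scan(SAMPLE_LOGS):
        print(h)
```

The auth_value strings in the extracted configs identify the specific RedLine builds and are useful for clustering samples; they are not something to look for in flow or proxy logs, so the script deliberately keys only on host, port and path.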
Targets
-
Target
111903c2bbc48505e1828774b0be57fa683da563ddf6818b614426317ef2d7a3
-
Size
1.2MB
-
MD5
7ede101705bc0faab86b40312c81a631
-
SHA1
52f42b9ecd1c7e0bade4c726b73551cb0da8bfb3
-
SHA256
111903c2bbc48505e1828774b0be57fa683da563ddf6818b614426317ef2d7a3
-
SHA512
5755f537ed0cb4bda60a0fa518cc5feac5366a93bd33334a13c123dda9b09fb0b0d59ec9b2fcde9a2d2c00c9fa54defba73cfa1548c1e0231091872a94d431ac
-
SSDEEP
24576:ynLCqjLUI8q58upBK+vy+S2/Z8qqBrvDIV:yLNjLUd+bpBKqyc/GP
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
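Of the behaviours listed above, the Run key write is the one that leaves a clean host-side record: Sysmon Event ID 13 (RegistryEvent, value set) captures the writing process, the target value and the data written. The script below is an added example (not part of the sandbox report) that flags Run/RunOnce value writes and raises severity when the registered executable, or the process doing the registering, lives in a user-writable directory, which is where a dropped payload normally sits. The records are constructed, flattened key=value renderings of the relevant event fields, not Sysmon's native XML, and the paths, SIDs and value names are invented for illustration.

```python
"""Flag Run-key persistence in Sysmon Event ID 13 (RegistryEvent: value set).
Added example for the "Adds Run key to start application" behaviour above;
not part of the report. Records are constructed key=value renderings of the
event fields, not Sysmon's native XML."""
import re

# Autostart locations under both HKLM and per-user hives (HKU\<SID>\...).
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.I
)
# Directories an unprivileged dropper can write to; legitimate software
# usually registers a binary under Program Files or Windows.
USER_WRITABLE_RE = re.compile(
    r"\\(AppData|ProgramData|Users\\Public|Temp|Downloads)\\", re.I
)


def parse_record(line):
    """Split 'Key=value|Key=value' into a dict (constructed format)."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def first_path(details):
    """Pull the executable path out of value data such as '"C:\\x.exe" -s'.
    An unquoted path containing spaces is ambiguous; it is cut at the first
    space, which is also how the shell would read it."""
    details = details.strip()
    if details.startswith('"'):
        end = details.find('"', 1)
        return details[1:end] if end > 0 else details[1:]
    return details.split(" ", 1)[0]


def classify(rec):
    """Return a finding for a Run-key value write, or None."""
    if rec.get("EventID") != "13":
        return None
    target = rec.get("TargetObject", "")
    if not RUN_KEY_RE.search(target):
        return None
    exe = first_path(rec.get("Details", ""))
    image = rec.get("Image", "")
    reasons = []
    if USER_WRITABLE_RE.search(exe):
        reasons.append("registered executable is in a user-writable directory")
    if USER_WRITABLE_RE.search(image):
        reasons.append("writing process runs from a user-writable directory")
    return {"target": target, "exe": exe, "image": image,
            "severity": "high" if reasons else "low", "reasons": reasons}


def hunt(lines):
    findings = []
    for line in lines:
        finding = classify(parse_record(line))
        if finding:
            findings.append(finding)
    return findings


# Constructed events: a dropper registering a payload from AppData, a vendor
# installer registering a tray app, an unrelated Explorer setting, and an
# Event ID 12 (key created) that is not a value write.
SAMPLE_EVENTS = [
    r'EventID=13|Image=C:\Users\victim\AppData\Local\Temp\setup.exe'
    r'|TargetObject=HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater'
    r'|Details="C:\Users\victim\AppData\Roaming\svc\svc.exe" -s',
    r'EventID=13|Image=C:\Program Files\Vendor\Setup.exe'
    r'|TargetObject=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray'
    r'|Details="C:\Program Files\Vendor\tray.exe"',
    r'EventID=13|Image=C:\Windows\explorer.exe'
    r'|TargetObject=HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden'
    r'|Details=DWORD (0x00000001)',
    r'EventID=12|Image=C:\Users\victim\AppData\Local\Temp\setup.exe'
    r'|TargetObject=HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater'
    r'|Details=',
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f["severity"], f["exe"], f["reasons"])
```

The other two registry behaviours in the list (reading the Geo\Nation country code and enumerating Uninstall keys) are reads, which Sysmon does not record, so they are better confirmed in the sandbox trace than hunted for on endpoints.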