General
Target: f4d2efb8491a4fcb3fb9241d2ae028262e9d8d8c6903891e5952bdaf516c912b
Size: 1.2MB
Sample: 230318-fxl59add4z
MD5: 41871292b6df7b0d45fb1c592ae4eed5
SHA1: 663e2ae72c67844a5b9331b2f27e476ed0b78237
SHA256: f4d2efb8491a4fcb3fb9241d2ae028262e9d8d8c6903891e5952bdaf516c912b
SHA512: b030b7a5cae21f1df209bbbca7f6117a59670f2b6717c80d1bf93859233089487fc540b7714ce80dc185c91598a451c82b5e6c0cb81d1e9a9061901f10080e5a
SSDEEP: 24576:InLCqjLUI8q58upBK+vy+S2/Z8qqBrvDIV:ILNjLUd+bpBKqyc/GP
Static task
static1
Malware Config
Extracted: redline
mango
193.233.20.28:4125
auth_value: ecf79d7f5227d998a3501c972d915d23
Extracted: redline
laba
193.233.20.28:4125
auth_value: 2cf01cffff9092a85ca7e106c547190b
Extracted: amadey
3.68
31.41.244.200/games/category/index.php
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.