General
- Target: cc41fec0f529c0fb6008584ae079d735cca261e5c3a57e53609ec3fbab9faa1b
- Size: 1.2MB
- Sample: 230318-gx1t3sbd98
- MD5: 2e4e04338bd52a6815dc2c88960a11ef
- SHA1: bb810dfb544142e19d7901f63f459e379cee2a5b
- SHA256: cc41fec0f529c0fb6008584ae079d735cca261e5c3a57e53609ec3fbab9faa1b
- SHA512: a9c94b1268105b9385fcd09a3cca124b0af79c252a45ca81d4a90cfd8606429f1e9c77cf29820e63f74e9ca437319cbac457ffdf21c41aa75cc1168fb5458743
- SSDEEP: 24576:G+epUCH7to5fFMTy3tG2yAkU9ueUQ7JqaWIR1t88l8zXPekgvzpV:G+WUCHJoBFbw2Pf8rQdqIRjl2Kk
Static task
static1

Malware Config
Extracted: redline
- mango
- 193.233.20.28:4125
- auth_value: ecf79d7f5227d998a3501c972d915d23

Extracted: redline
- laba
- 193.233.20.28:4125
- auth_value: 2cf01cffff9092a85ca7e106c547190b

Extracted: amadey
- 3.68
- 31.41.244.200/games/category/index.php
Targets
- Target: cc41fec0f529c0fb6008584ae079d735cca261e5c3a57e53609ec3fbab9faa1b
- Size: 1.2MB
- MD5: 2e4e04338bd52a6815dc2c88960a11ef
- SHA1: bb810dfb544142e19d7901f63f459e379cee2a5b
- SHA256: cc41fec0f529c0fb6008584ae079d735cca261e5c3a57e53609ec3fbab9faa1b
- SHA512: a9c94b1268105b9385fcd09a3cca124b0af79c252a45ca81d4a90cfd8606429f1e9c77cf29820e63f74e9ca437319cbac457ffdf21c41aa75cc1168fb5458743
- SSDEEP: 24576:G+epUCH7to5fFMTy3tG2yAkU9ueUQ7JqaWIR1t88l8zXPekgvzpV:G+WUCHJoBFbw2Pf8rQdqIRjl2Kk
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software installed on the system.