General
Target: 5cec5deb8cadb475beeb9acd861b19a8b8b8bc329d2e5289897db53e2a9218d8
Size: 1.2MB
Sample: 230318-hqs2bsbe76
MD5: e79a8c2f5d89efb2e41c4f945076cdb1
SHA1: 67fb82a0d892f1571c62e03cb88c673e29eac5dd
SHA256: 5cec5deb8cadb475beeb9acd861b19a8b8b8bc329d2e5289897db53e2a9218d8
SHA512: e0ddc66e264c9022fd50cdbcd9959ef31278ff86c20f410cd2c8636e21c85e9b9a4904a4ae9dbaad1eeed6565c238519b59244faef4af25b6e7ecb5cc1eb2e30
SSDEEP: 24576:dBYpw+f4jYhediDYIgS56V0/xZLWFZX/SxcEJosQzZBLN0O5uX7a3U:dBY2tdMYepZZKTavn8B+O5uX7a
Static task: static1
Malware Config
Extracted: redline
mango
193.233.20.28:4125
auth_value: ecf79d7f5227d998a3501c972d915d23
Extracted: redline
laba
193.233.20.28:4125
auth_value: 2cf01cffff9092a85ca7e106c547190b
Extracted: amadey
3.68
31.41.244.200/games/category/index.php
Targets
Target: 5cec5deb8cadb475beeb9acd861b19a8b8b8bc329d2e5289897db53e2a9218d8
Size: 1.2MB
MD5: e79a8c2f5d89efb2e41c4f945076cdb1
SHA1: 67fb82a0d892f1571c62e03cb88c673e29eac5dd
SHA256: 5cec5deb8cadb475beeb9acd861b19a8b8b8bc329d2e5289897db53e2a9218d8
SHA512: e0ddc66e264c9022fd50cdbcd9959ef31278ff86c20f410cd2c8636e21c85e9b9a4904a4ae9dbaad1eeed6565c238519b59244faef4af25b6e7ecb5cc1eb2e30
SSDEEP: 24576:dBYpw+f4jYhediDYIgS56V0/xZLWFZX/SxcEJosQzZBLN0O5uX7a3U:dBY2tdMYepZZKTavn8B+O5uX7a
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.