General
Target: ce3911ae67319572aa5471878ad469f551340e2ad9aaebbac112854c8fa2775c
Size: 1.2MB
Sample: 230318-hvz1fabe87
MD5: 5545f4821faf60d0eaf3dd67d12ca527
SHA1: 3aaed980b6d43d967bc0e4454e9a5e4b7d716b97
SHA256: ce3911ae67319572aa5471878ad469f551340e2ad9aaebbac112854c8fa2775c
SHA512: e19b72659682c73bfa40861ac68d73b8f38ddae5803c26c599cfecb88dd9323128c38c6026cef74330ec1bb03875a5231f2d29128259ce0f79617ac30ed826f3
SSDEEP: 24576:I3fA/X9x8NfB7bCvJpAaUQMz5itmXaZH/BV:IISfBnyXAPFQis
Static task: static1
Malware Config

Extracted: redline
mango
193.233.20.28:4125
auth_value: ecf79d7f5227d998a3501c972d915d23

Extracted: redline
laba
193.233.20.28:4125
auth_value: 2cf01cffff9092a85ca7e106c547190b

Extracted: amadey
3.68
31.41.244.200/games/category/index.php
Targets
Target: ce3911ae67319572aa5471878ad469f551340e2ad9aaebbac112854c8fa2775c
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.