General
- Target: b786db1fe87923f8ab84a7080c000ff139191f91ab2ec0efc1ac4b59aa72bee4
- Size: 1.2MB
- Sample: 230318-j2qwsadg3x
- MD5: f6e8d3c1081c264cc7eeec93021b89cd
- SHA1: 332420c4638a373434a2c7fc4dedcf63962c4766
- SHA256: b786db1fe87923f8ab84a7080c000ff139191f91ab2ec0efc1ac4b59aa72bee4
- SHA512: 8faf5985f1f47ba44047d64f08c00a38c4605f27be0ef5087095d7db0a0a71a726acd8ef8eb4ad9d9c9ce856e281f1c827c4ed496776feee68bc1814b65b09c8
- SSDEEP: 24576:S3fA/X9x8NfB7bCvJpAaUQMz5itmXaZH/BV:SISfBnyXAPFQis
- Static task: static1
Malware Config
- Extracted: redline
  mango
  193.233.20.28:4125
  auth_value: ecf79d7f5227d998a3501c972d915d23
- Extracted: redline
  laba
  193.233.20.28:4125
  auth_value: 2cf01cffff9092a85ca7e106c547190b
- Extracted: amadey
  3.68
  31.41.244.200/games/category/index.php
Targets
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.