General
Target: 581cd82392753684dd20db1c488831aa01fd54226556a65264ca01bcb69d6f43
Size: 1.2MB
Sample: 230318-jb19tsbf33
MD5: b4d8179e24db24e1c01de366da84df95
SHA1: d712c0bc0fd95732e8cac591678b82e8691c2d80
SHA256: 581cd82392753684dd20db1c488831aa01fd54226556a65264ca01bcb69d6f43
SHA512: 1ae7a68b7f4e145794f43d7b7842aab527b4ede47e7c2c8230bb864dd2e22017f09c8e0d1d4302337e6cfa736a55762c87a0c442469d336a1a0d1bd866f0c9f3
SSDEEP: 24576:03fA/X9x8NfB7bCvJpAaUQMz5itmXaZH/BV:0ISfBnyXAPFQis
Static task: static1

Malware Config
Extracted: redline (mango)
C2: 193.233.20.28:4125
auth_value: ecf79d7f5227d998a3501c972d915d23

Extracted: redline (laba)
C2: 193.233.20.28:4125
auth_value: 2cf01cffff9092a85ca7e106c547190b

Extracted: amadey (version 3.68)
C2: 31.41.244.200/games/category/index.php
Targets
Target: 581cd82392753684dd20db1c488831aa01fd54226556a65264ca01bcb69d6f43
Size: 1.2MB
MD5: b4d8179e24db24e1c01de366da84df95
SHA1: d712c0bc0fd95732e8cac591678b82e8691c2d80
SHA256: 581cd82392753684dd20db1c488831aa01fd54226556a65264ca01bcb69d6f43
SHA512: 1ae7a68b7f4e145794f43d7b7842aab527b4ede47e7c2c8230bb864dd2e22017f09c8e0d1d4302337e6cfa736a55762c87a0c442469d336a1a0d1bd866f0c9f3
SSDEEP: 24576:03fA/X9x8NfB7bCvJpAaUQMz5itmXaZH/BV:0ISfBnyXAPFQis
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely used as a geofence.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the host.
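The configuration and behaviour entries above are the parts of this report an analyst can turn directly into detections: the shared RedLine C2 193.233.20.28:4125, the Amadey panel URL on 31.41.244.200, and the Run-key persistence. The script below is an added example written for this page, not output of the sandbox or code from the malware; it runs those indicators over a handful of constructed Sysmon-style events and proxy-log lines. Field names follow Sysmon's (EventID, Image, TargetObject, Details, DestinationIp, DestinationPort), and the sample events and proxy lines are made up for the example. Note that Sysmon records registry writes (Event ID 13) and outbound connections (Event ID 3) but not registry reads, so the locale lookup and the Uninstall-key enumeration listed above are not observable this way and are deliberately out of scope.

```python
"""
Added example (not part of the sandbox report): match the indicators extracted
in the report against constructed Sysmon-style events and proxy-log lines.
"""
from urllib.parse import urlsplit

# Indicators taken from the report's "Malware Config" section.
REDLINE_C2 = ("193.233.20.28", 4125)        # both RedLine configs share this C2
AMADEY_C2_HOST = "31.41.244.200"
AMADEY_C2_PATH = "/games/category/index.php"

# Persistence location named in the behaviour list ("Adds Run key").
RUN_KEY_MARKERS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")


def check_sysmon_event(event: dict) -> list[str]:
    """Return alert strings for one Sysmon-style event (empty list if clean).

    Only Event ID 13 (registry value set) and Event ID 3 (network connection)
    are inspected; Sysmon does not log registry reads, so the geofence and
    Uninstall-key lookups from the report cannot be detected from this source.
    """
    alerts = []
    eid = event.get("EventID")
    if eid == 13:
        target = event.get("TargetObject", "")
        if any(marker in target.lower() for marker in RUN_KEY_MARKERS):
            alerts.append(
                f"persistence: {event.get('Image')} set {target} = {event.get('Details')}"
            )
    elif eid == 3:
        dest = (event.get("DestinationIp"), int(event.get("DestinationPort", 0)))
        if dest == REDLINE_C2:
            alerts.append(f"redline-c2: {event.get('Image')} -> {dest[0]}:{dest[1]}")
        elif dest[0] == AMADEY_C2_HOST:
            alerts.append(f"amadey-c2: {event.get('Image')} -> {dest[0]}:{dest[1]}")
    return alerts


def check_proxy_line(line: str) -> list[str]:
    """Match a 'METHOD URL' proxy-log line against the Amadey panel URL.

    Host and path are compared separately after parsing, so a different path
    on the same IP (or the IP appearing elsewhere in a URL) does not fire.
    """
    parts = line.split()
    if len(parts) < 2:
        return []
    url = urlsplit(parts[1])
    if url.hostname == AMADEY_C2_HOST and url.path == AMADEY_C2_PATH:
        return [f"amadey-c2-http: {parts[0]} {parts[1]}"]
    return []


def scan(events: list[dict], proxy_lines: list[str]) -> list[str]:
    """Run both checks over a batch of telemetry and collect the alerts."""
    alerts = []
    for event in events:
        alerts.extend(check_sysmon_event(event))
    for line in proxy_lines:
        alerts.extend(check_proxy_line(line))
    return alerts


# Constructed sample telemetry for the example (not from the sandbox run).
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": "C:\\Users\\u\\AppData\\Local\\Temp\\a.exe",
     "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\a",
     "Details": "C:\\Users\\u\\AppData\\Local\\Temp\\a.exe"},
    {"EventID": 3, "Image": "C:\\Users\\u\\AppData\\Local\\Temp\\b.exe",
     "DestinationIp": "193.233.20.28", "DestinationPort": "4125"},
    {"EventID": 3, "Image": "C:\\Program Files\\Browser\\browser.exe",
     "DestinationIp": "203.0.113.5", "DestinationPort": "443"},
    {"EventID": 13, "Image": "C:\\Windows\\explorer.exe",
     "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\\Desktop",
     "Details": "C:\\Users\\u\\Desktop"},
]
SAMPLE_PROXY = [
    "POST http://31.41.244.200/games/category/index.php",
    "GET http://31.41.244.200/other/index.php",
    "GET https://example.org/",
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS, SAMPLE_PROXY):
        print(alert)
```

Run against the constructed telemetry this produces three alerts (the Run-key write, the connection to the RedLine C2, and the POST to the Amadey panel path) and stays silent on the benign browser connection, the unrelated Explorer registry write and the other path on the same IP. In production the constants would come from a feed keyed on the sample's SHA256 rather than being pasted in, and the Run-key check should be paired with a process-origin filter, since legitimate installers also write there.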