General
- Target: cd7748abd1d2e272ddb46107bf0cdf5ecfbc0273c0e41e7b81d7326b7395b7b2
- Size: 1.2MB
- Sample: 230318-jzfm2adg3t
- MD5: 8f31de4742f401c9f3462e5aa35e7157
- SHA1: 8b869f54d42200e5ce1cee309625abf55111604e
- SHA256: cd7748abd1d2e272ddb46107bf0cdf5ecfbc0273c0e41e7b81d7326b7395b7b2
- SHA512: 583ef9d1eba56c85266a1af03d9fe1d8579bd4b32d2014155b6cd6e6c2e157b5b852fb884e39524b32d849095d332b749dd5bae96b80410c012c89ad5ef8baf6
- SSDEEP: 24576:X3fA/X9x8NfB7bCvJpAaUQMz5itmXaZH/BV:XISfBnyXAPFQis
Static task: static1
Malware Config
- Extracted: redline
  - mango
  - 193.233.20.28:4125
  - auth_value: ecf79d7f5227d998a3501c972d915d23
- Extracted: redline
  - laba
  - 193.233.20.28:4125
  - auth_value: 2cf01cffff9092a85ca7e106c547190b
- Extracted: amadey
  - 3.68
  - 31.41.244.200/games/category/index.php
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.