General
Target: e3e351c764a736674888bda57406f5bba5a1c2cf3ea13bab1d8a8af4429abffa
Size: 1.2MB
Sample: 230318-l9w4waea3t
MD5: 3ea8035bfaea320494b47f1ca4e4a8f4
SHA1: 3582030eeacc33588777141306920807f61188c2
SHA256: e3e351c764a736674888bda57406f5bba5a1c2cf3ea13bab1d8a8af4429abffa
SHA512: 6ae2f9b2e0a4d58e48facac37b3cd90bbadc2fc0849972a5b453836d3fb0cfa3e41bb604886b8796b1ef87487a7bd833b14c2a1e31055dc3e116cb7cfff319ab
SSDEEP: 24576:MLqRgL+yBbTGv9bti2okQsRVs+CkD8r49sIH:M2RoOF42okQswM
Static task: static1
Malware Config
Extracted config 1
  Family: redline
  Botnet: mango
  C2: 193.233.20.28:4125
  auth_value: ecf79d7f5227d998a3501c972d915d23
Extracted config 2
  Family: redline
  Botnet: laba
  C2: 193.233.20.28:4125
  auth_value: 2cf01cffff9092a85ca7e106c547190b
Extracted config 3
  Family: amadey
  Version: 3.68
  C2: 31.41.244.200/games/category/index.php
Targets
Target: e3e351c764a736674888bda57406f5bba5a1c2cf3ea13bab1d8a8af4429abffa
Size: 1.2MB
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.