General
Target: 477f499a15b86aca933fdfde92b4b8f0542aa5f5af242b45e0b1e1fcad72f8c6
Size: 1.2MB
Sample: 230318-lh5lyadh5x
MD5: efc4e1696c05da34e03351216ebbd478
SHA1: 4e4010caf1a624489c2094dd7bbcc459ffedf7ad
SHA256: 477f499a15b86aca933fdfde92b4b8f0542aa5f5af242b45e0b1e1fcad72f8c6
SHA512: 328fbc73d6df13302e7cfc478f0380d9d28a889c50f77e05edc751d9ab6548342e5bd0e2128cf78489cef29110a5303552061f6eb7a79369b9d9f66fff635668
SSDEEP: 24576:ieIyKiLo5UtlhGsTlTEj/g6YvGwIvkSunwjxV7i3EV:iP5iElQlTE86dwIMSunwr
Static task
static1

Malware Config
Extracted
- redline
- mango
- 193.233.20.28:4125
- auth_value: ecf79d7f5227d998a3501c972d915d23
Extracted
- redline
- laba
- 193.233.20.28:4125
- auth_value: 2cf01cffff9092a85ca7e106c547190b
Extracted
- amadey
- 3.68
- 31.41.244.200/games/category/index.php
Targets
Target: 477f499a15b86aca933fdfde92b4b8f0542aa5f5af242b45e0b1e1fcad72f8c6
Size: 1.2MB
MD5: efc4e1696c05da34e03351216ebbd478
SHA1: 4e4010caf1a624489c2094dd7bbcc459ffedf7ad
SHA256: 477f499a15b86aca933fdfde92b4b8f0542aa5f5af242b45e0b1e1fcad72f8c6
SHA512: 328fbc73d6df13302e7cfc478f0380d9d28a889c50f77e05edc751d9ab6548342e5bd0e2128cf78489cef29110a5303552061f6eb7a79369b9d9f66fff635668
SSDEEP: 24576:ieIyKiLo5UtlhGsTlTEj/g6YvGwIvkSunwjxV7i3EV:iP5iElQlTE86dwIMSunwr

Signatures
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.