General
- Target: b294e479069491a7d65a7135e4bfd52fe2ffae59b2b15a5c559ea41e8fbf6e6e
- Size: 1.2MB
- Sample: 230318-lkz48sdh51
- MD5: 8712c8fade263512963857bcd766edc7
- SHA1: cd75511add64ad4ecfb074bfe4b1e271bddeb2aa
- SHA256: b294e479069491a7d65a7135e4bfd52fe2ffae59b2b15a5c559ea41e8fbf6e6e
- SHA512: 8cc44ff636a78bcbf0f66a8fbdfb56d499f84fe11325fb40bc6c5f60abe1e32ef3f63183f5bbfd9e5252b7b01665c7510958ab640ed09d3bf2fe6205ee5c5d12
- SSDEEP: 24576:meIyKiLo5UtlhGsTlTEj/g6YvGwIvkSunwjxV7i3EV:mP5iElQlTE86dwIMSunwr
Static task: static1
Malware Config
- Extracted: redline
  mango
  193.233.20.28:4125
  auth_value: ecf79d7f5227d998a3501c972d915d23
- Extracted: redline
  laba
  193.233.20.28:4125
  auth_value: 2cf01cffff9092a85ca7e106c547190b
- Extracted: amadey
  3.68
  31.41.244.200/games/category/index.php
Targets
- Target: b294e479069491a7d65a7135e4bfd52fe2ffae59b2b15a5c559ea41e8fbf6e6e
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.