General
Target: 5f8517fefdbe0f403214499fe8c299d67bf2b2786cce660c5254046f5411a1f1
Size: 1.2MB
Sample: 230318-nk5e3aeb6w
MD5: 6c5c7c864e71ed778939406c492e2668
SHA1: 024dd4f398ee7f07b7356085946e11be6fdc6685
SHA256: 5f8517fefdbe0f403214499fe8c299d67bf2b2786cce660c5254046f5411a1f1
SHA512: 08cf91c4491a7f3453ffc885c6f804460dec90845748f5b818f6a5a7c4158d2a0d40f2c821b9374a69e9832c991c6a042a8f5aa232e55fffa009f75787b54cfd
SSDEEP: 24576:nLqRgL+yBbTGv9bti2okQsRVs+CkD8r49sIH:n2RoOF42okQswM
Static task: static1

Malware Config

Extracted: redline
Botnet: mango
C2: 193.233.20.28:4125
auth_value: ecf79d7f5227d998a3501c972d915d23

Extracted: redline
Botnet: laba
C2: 193.233.20.28:4125
auth_value: 2cf01cffff9092a85ca7e106c547190b

Extracted: amadey
Version: 3.68
C2: 31.41.244.200/games/category/index.php
Targets

Target: 5f8517fefdbe0f403214499fe8c299d67bf2b2786cce660c5254046f5411a1f1 (1.2MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.