General
- Target: bca61e8ac3c154a521b02306d9c83450832bd8e1951063e90cf4cf9b899a955d
- Size: 1.2MB
- Sample: 230318-ns13lseb9s
- MD5: 9f6211ba8c9e214114323a07201e2015
- SHA1: 90f4d57bacacfeb7c0786291b9c768d8332a92d8
- SHA256: bca61e8ac3c154a521b02306d9c83450832bd8e1951063e90cf4cf9b899a955d
- SHA512: f7d5dff51664ded4542d5c5558c0a444cc0f132f91c182704c33578d8bd7e77c2e4ec059dcb3e6390f106e73ae5f3691996787dd5344f4aae55d7eece214ab4d
- SSDEEP: 24576:HLqRgL+yBbTGv9bti2okQsRVs+CkD8r49sIH:H2RoOF42okQswM
Static task: static1
Malware Config
- Extracted: redline (mango)
  C2: 193.233.20.28:4125
  auth_value: ecf79d7f5227d998a3501c972d915d23
- Extracted: redline (laba)
  C2: 193.233.20.28:4125
  auth_value: 2cf01cffff9092a85ca7e106c547190b
- Extracted: amadey (version 3.68)
  C2: 31.41.244.200/games/category/index.php
Targets
- Target: bca61e8ac3c154a521b02306d9c83450832bd8e1951063e90cf4cf9b899a955d (the submitted file itself; size 1.2MB and the MD5, SHA1, SHA256, SHA512 and SSDEEP values are identical to those listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
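Turning the extracted C2 endpoints and the behavioural signatures above into a detection check, as an added example that is not part of this report or of the sandbox's own tooling. It serves both the Malware Config section (the 193.233.20.28:4125 RedLine C2 and the 31.41.244.200 Amadey host) and the signature list (Run key persistence, Uninstall key enumeration). Everything else is assumed: the `pid|kind|target` record format, the `reg_set`/`reg_query`/`net_connect` event kinds, the PIDs and subkey names in the sample telemetry, and the threshold of five distinct Uninstall subkeys that separates enumeration from a single product lookup.

```python
# Added example (not part of this report or the sandbox's tooling): correlate
# process telemetry with the IOCs and behaviours listed in the report. The record
# format, event kinds, PIDs, key names and threshold are constructed for illustration.
import re
from collections import defaultdict

# C2 endpoints taken from the Malware Config section of this report
REDLINE_C2 = {("193.233.20.28", 4125)}
AMADEY_C2_HOST = "31.41.244.200"  # host part of 31.41.244.200/games/category/index.php

RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)
UNINSTALL_KEY = re.compile(
    r"\\Software\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I)
# Assumption: a process reading at least this many distinct Uninstall subkeys is
# enumerating installed software rather than looking up one product.
UNINSTALL_THRESHOLD = 5


def parse_event(line):
    """Split one constructed 'pid|kind|target' record.

    kind is reg_set (registry value written), reg_query (registry key read) or
    net_connect (outbound connection, target given as host:port). Sysmon's
    registry events (IDs 12/13/14) do not record reads, so reg_query records
    have to come from an EDR or from a sandbox API trace.
    """
    pid, kind, target = line.strip().split("|", 2)
    return int(pid), kind, target


def assess(lines):
    """Return {pid: sorted findings} for processes matching the report's signatures or C2s."""
    uninstall_keys = defaultdict(set)
    findings = defaultdict(set)
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        pid, kind, target = parse_event(line)
        if kind == "reg_set" and RUN_KEY.search(target):
            findings[pid].add("run_key_persistence")
        elif kind == "reg_query" and UNINSTALL_KEY.search(target):
            uninstall_keys[pid].add(target.lower())
        elif kind == "net_connect":
            host, _, port = target.rpartition(":")
            if (host, int(port)) in REDLINE_C2:
                findings[pid].add("redline_c2")
            elif host == AMADEY_C2_HOST:
                findings[pid].add("amadey_c2_host")
    for pid, keys in uninstall_keys.items():
        if len(keys) >= UNINSTALL_THRESHOLD:
            findings[pid].add("installed_software_enumeration")
    return {pid: sorted(found) for pid, found in findings.items()}


# Constructed telemetry: one process showing all three behaviours, one that only
# reads a single Uninstall entry and talks to an unrelated host.
SAMPLE_TELEMETRY = """\
# pid|kind|target
4120|reg_set|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater
4120|reg_query|HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{0001}
4120|reg_query|HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{0002}
4120|reg_query|HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{0003}
4120|reg_query|HKLM\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{0004}
4120|reg_query|HKLM\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{0005}
4120|net_connect|193.233.20.28:4125
5200|reg_query|HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{0001}
5200|net_connect|93.184.216.34:443
""".splitlines()

if __name__ == "__main__":
    for pid, found in assess(SAMPLE_TELEMETRY).items():
        print(pid, ", ".join(found))
```

The C2 match is the cheapest check but also the most brittle: RedLine builds are reconfigured with new IP:port pairs frequently, so the two behavioural signals (a Run value written plus a burst of distinct Uninstall subkey reads from the same process) are what keep the rule useful after this particular endpoint goes dark. The Uninstall enumeration only shows up if your telemetry source records registry reads at all; plain Sysmon does not.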