General
Target: ca2bfd34ad7006890efe602f07b795b9533334104ba6905076bda0585b2a7031
Size: 1.3MB
Sample: 230321-vpsqdseb41
MD5: 1fb73be5f46449e0ba33784b8bb2e78c
SHA1: 8794a5a0f7f9884f668faf076312c6c53ef80897
SHA256: ca2bfd34ad7006890efe602f07b795b9533334104ba6905076bda0585b2a7031
SHA512: 5bef7f38d867be421c2f7fb79b9e2ab521d5578be72eab4c9e00d00342e991851f7c1148b62ddf98fd4dab4bc170529424351de0a0b69053f62a9af6f3555e9a
SSDEEP: 24576:botPC0g7RqtB09YBRwA/IJdqoKs/3eqc56RN0+f/gGrv:bCg7Rb9YLj+LGrsR
Static task: static1
Malware Config
Extracted: redline
  Botnet: gena
  C2: 193.233.20.30:4125
  auth_value: 93c20961cb6b06b2d5781c212db6201e
Extracted: redline
  Botnet: relon
  C2: 193.233.20.30:4125
  auth_value: 17da69809725577b595e217ba006b869
Extracted: amadey
  Version: 3.68
  C2: 31.41.244.200/games/category/index.php
Targets
Target: ca2bfd34ad7006890efe602f07b795b9533334104ba6905076bda0585b2a7031
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures
- RedLine payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate the software installed on the system.