General
- Target: 509be95608d0a3e697f8919fbc192616e970c2c8213b657e94d34f953d937f7a
- Size: 1.3MB
- Sample: 230321-wxswssed5t
- MD5: 914ddd71a3832ee409f31ad73573a96b
- SHA1: 129ac018e551ba572e7c8af7e8813c9205104f11
- SHA256: 509be95608d0a3e697f8919fbc192616e970c2c8213b657e94d34f953d937f7a
- SHA512: a4e02bb2266fd140936c9286943ced846cdd5591a8a2d11075e639a61a401011b93e3d63cac36b71b3e76ae341ce6a7c18ca5c991baac67c2f79bbe6dc6fe30f
- SSDEEP: 24576:BF1nHyFZau43z3+pRsoJXSUMHI1ogR6ghfPfu7z5f3:BY43b+L1gUMHIugMYf2
Static task: static1
Malware Config
Extracted: redline
- gena
- 193.233.20.30:4125
- auth_value: 93c20961cb6b06b2d5781c212db6201e
Extracted: redline
- relon
- 193.233.20.30:4125
- auth_value: 17da69809725577b595e217ba006b869
Extracted: amadey
- 3.68
- 31.41.244.200/games/category/index.php
Targets
- Target: 509be95608d0a3e697f8919fbc192616e970c2c8213b657e94d34f953d937f7a
- Size: 1.3MB
- MD5: 914ddd71a3832ee409f31ad73573a96b
- SHA1: 129ac018e551ba572e7c8af7e8813c9205104f11
- SHA256: 509be95608d0a3e697f8919fbc192616e970c2c8213b657e94d34f953d937f7a
- SHA512: a4e02bb2266fd140936c9286943ced846cdd5591a8a2d11075e639a61a401011b93e3d63cac36b71b3e76ae341ce6a7c18ca5c991baac67c2f79bbe6dc6fe30f
- SSDEEP: 24576:BF1nHyFZau43z3+pRsoJXSUMHI1ogR6ghfPfu7z5f3:BY43b+L1gUMHIugMYf2
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.