General

- Target: 5479d13fd63b35f2a27885b13c3fd3272981bf3f198df6a3d127389da2492fb6
- Size: 1.1MB
- Sample: 230322-axcc6adh58
- MD5: f36fc76ed965ebb71a8e6aa614e9825c
- SHA1: 7d649a04e678e52a25b8c9bb9b671ef67ef3486c
- SHA256: 5479d13fd63b35f2a27885b13c3fd3272981bf3f198df6a3d127389da2492fb6
- SHA512: d9773ee071c1bd1ddb90ba221f4973c0f1d742e7e7998707c4b8cb3a63056a32ea8e582496deb48087d3a584e32a4439c1bde5ee716550c2d5575404a4d69f3a
- SSDEEP: 24576:5ylfYXhXUadXtcwdPtL9tEZ1tzN4IEpAx:slYxJNVPtL9tEPtR4IkA

Static task: static1
Malware Config

Extracted: redline
- Botnet: gena
- C2: 193.233.20.30:4125
- auth_value: 93c20961cb6b06b2d5781c212db6201e

Extracted: redline
- Botnet: relon
- C2: 193.233.20.30:4125
- auth_value: 17da69809725577b595e217ba006b869

Extracted: amadey
- Version: 3.68
- C2: 31.41.244.200/games/category/index.php

Both RedLine configurations point at the same C2 endpoint and differ only in botnet tag and auth_value; the Amadey configuration is a separate HTTP C2 on another host. The submission therefore bundles two RedLine stealer configurations with an Amadey loader configuration, which fits the "Executes dropped EXE" signature below.
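To make the report's hash list and extracted configs usable as indicators, the following added example (not part of the sandbox output and not the analysis vendor's code) parses the "Extracted" block in the one-value-per-line layout the page uses, splits each C2 into host/port or host/path, and compares a file's digests against the listed hashes. The positional field names (botnet, version, c2) are an assumption about this layout, taken from how the RedLine and Amadey entries above read; the sample config text is copied from the page and the benign bytes hashed at the end are constructed.

```python
"""Turn the sandbox report's hash list and extracted configs into checkable IOCs."""
import hashlib
import re

# Constructed sample input: the "Malware Config / Extracted" lines of the
# report above, copied in the page's own one-value-per-line layout.
REPORT_CONFIG = """\
Extracted
redline
gena
193.233.20.30:4125
-
auth_value
93c20961cb6b06b2d5781c212db6201e
Extracted
redline
relon
193.233.20.30:4125
-
auth_value
17da69809725577b595e217ba006b869
Extracted
amadey
3.68
31.41.244.200/games/category/index.php
"""

# File hashes the report lists for the sample.
REPORT_HASHES = {
    "md5": "f36fc76ed965ebb71a8e6aa614e9825c",
    "sha1": "7d649a04e678e52a25b8c9bb9b671ef67ef3486c",
    "sha256": "5479d13fd63b35f2a27885b13c3fd3272981bf3f198df6a3d127389da2492fb6",
    "sha512": "d9773ee071c1bd1ddb90ba221f4973c0f1d742e7e7998707c4b8cb3a63056a32"
              "ea8e582496deb48087d3a584e32a4439c1bde5ee716550c2d5575404a4d69f3a",
}

# Positional fields that follow the family name, per family. This is an
# assumption about the page's layout, not a documented format.
POSITIONAL_FIELDS = {"redline": ("botnet", "c2"), "amadey": ("version", "c2")}

HOST_PORT = re.compile(r"^(?P<host>[^/:\s]+):(?P<port>\d{1,5})$")


def parse_extracted(text):
    """Split the flattened block at each 'Extracted' line and interpret it."""
    blocks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Extracted":
            current = []
            blocks.append(current)
        elif line and current is not None:
            current.append(line)
    return [_interpret(lines) for lines in blocks if lines]


def _interpret(lines):
    """Family name first, then positional fields, then an optional '-'
    separator followed by key/value pairs (key on one line, value on the next)."""
    family = lines[0].lower()
    if "-" in lines:
        sep = lines.index("-")
        positional, pairs = lines[1:sep], lines[sep + 1:]
    else:
        positional, pairs = lines[1:], []
    cfg = {"family": family, "attributes": dict(zip(pairs[0::2], pairs[1::2]))}
    cfg.update(zip(POSITIONAL_FIELDS.get(family, ()), positional))
    return cfg


def network_iocs(configs):
    """(family, host, port, path) per C2. A bare host:port is a socket C2
    (RedLine); a scheme-less URL is an HTTP C2 (Amadey), for which the
    report gives no port, so port stays None rather than being guessed."""
    iocs = set()
    for cfg in configs:
        c2 = cfg.get("c2")
        if not c2:
            continue
        match = HOST_PORT.match(c2)
        if match:
            iocs.add((cfg["family"], match["host"], int(match["port"]), None))
        else:
            host, _, path = c2.partition("/")
            iocs.add((cfg["family"], host, None, "/" + path))
    return sorted(iocs, key=lambda t: (t[0], t[1], t[2] or 0, t[3] or ""))


def hashes_of(data):
    """MD5/SHA1/SHA256/SHA512 of a byte string, keyed like REPORT_HASHES."""
    return {algo: hashlib.new(algo, data).hexdigest()
            for algo in ("md5", "sha1", "sha256", "sha512")}


def match_hashes(observed, known):
    """Return the algorithms on which a file's digests match the known set.
    A hit on any algorithm is enough to flag; a miss on one (e.g. only the
    MD5 is known) must not clear the file, hence a set rather than a bool."""
    return {algo for algo, digest in known.items()
            if observed.get(algo) == digest.lower()}


if __name__ == "__main__":
    for cfg in parse_extracted(REPORT_CONFIG):
        print(cfg)
    print(network_iocs(parse_extracted(REPORT_CONFIG)))
    # Constructed benign bytes: their digests do not match the report.
    print(match_hashes(hashes_of(b"not the sample"), REPORT_HASHES))
```

The C2 list deduplicates the two RedLine entries to a single 193.233.20.30:4125 indicator, so the two botnet tags do not produce duplicate network rules; the auth_value attributes stay with their config rather than becoming network indicators, since they only appear inside the RedLine check-in.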
Targets

- Target: 5479d13fd63b35f2a27885b13c3fd3272981bf3f198df6a3d127389da2492fb6

- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
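The "Adds Run key to start application" signature is the one behaviour above that a defender can turn directly into a host detection. The following added example (not from the sandbox report or its vendor) runs that check over constructed registry events modelled on Sysmon Event ID 13 (value set) and 12 (key create/delete); the SIDs, paths and value names in the sample events are invented, and the "user-writable directory" list is a hypothetical scoring heuristic, not a rule from the page.

```python
"""Flag Run-key persistence in Sysmon-style registry events."""
import re

# Run / RunOnce keys under HKLM or any HKU hive, 32-bit view included.
RUN_KEY = re.compile(
    r"\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\",
    re.IGNORECASE,
)
# Locations a dropped payload usually lives in (assumed heuristic); a Run
# value pointing here is far more suspicious than one under Program Files.
USER_WRITABLE = re.compile(
    r"\\(?:AppData\\(?:Local|Roaming)|Temp|ProgramData|Users\\Public)\\",
    re.IGNORECASE,
)

# Constructed events modelled on Sysmon Event ID 13 (RegistryEvent, value set)
# and 12 (key create/delete). SIDs, paths and value names are invented.
EVENTS = [
    {   # a dropped executable registering itself for autostart
        "EventID": 13,
        "Image": r"C:\Users\alice\AppData\Local\Temp\dropped.exe",
        "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft"
                        r"\Windows\CurrentVersion\Run\dropped",
        "Details": r"C:\Users\alice\AppData\Local\Temp\dropped.exe",
    },
    {   # an installer writing a Run value for a program under Program Files
        "EventID": 13,
        "Image": r"C:\Program Files\Vendor\setup.exe",
        "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorUpdater",
        "Details": r"C:\Program Files\Vendor\updater.exe",
    },
    {   # a write under the Uninstall key: inventory data, not persistence
        "EventID": 13,
        "Image": r"C:\Program Files\Vendor\setup.exe",
        "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vendor\DisplayName",
        "Details": "Vendor Suite",
    },
    {   # key creation on the Run key carries no command, so it is not scored
        "EventID": 12,
        "Image": r"C:\Users\alice\AppData\Local\Temp\dropped.exe",
        "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft"
                        r"\Windows\CurrentVersion\Run",
    },
]


def run_key_persistence(events):
    """Return one finding per Run/RunOnce value set, marking it suspicious
    when the command it stores lives in a user-writable directory."""
    findings = []
    for event in events:
        if event.get("EventID") != 13:
            continue
        target = event.get("TargetObject", "")
        if not RUN_KEY.search(target):
            continue
        command = event.get("Details", "")
        findings.append({
            "value_name": target.rsplit("\\", 1)[-1],
            "command": command,
            "writer": event.get("Image", ""),
            "suspicious": bool(USER_WRITABLE.search(command)),
        })
    return findings


if __name__ == "__main__":
    for finding in run_key_persistence(EVENTS):
        print(finding)
```

The companion signature, "Checks installed software on the system", is a registry read of the Uninstall key, and Sysmon records only key creation, deletion, renaming and value writes, so it leaves no Event 13 to match; seeing that enumeration requires object-access auditing (a SACL on the key and Security event 4663) or observing the process in a sandbox, as this report does.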