General
Target: 4e19845e12e626fd826753358c178fd2f68d7b8cfde5eeabf4a9496489d9c08d
Size: 1011KB
Sample: 230322-xkl36acf21
MD5: 25f1d9dacc2e7e9bae5a12b8a61e257b
SHA1: fc45f798c8325c0cd4178eac2f7f467cbe7010d8
SHA256: 4e19845e12e626fd826753358c178fd2f68d7b8cfde5eeabf4a9496489d9c08d
SHA512: 7ed034787c40150debbfc5ae49f30f406571f4e0421a57564b80cad30a08b8936edc6e2169442955c340e8564b4eca0f1983e883c87017740cf4f8a8a855ad68
SSDEEP: 24576:YyiTPvbTxVW27kxOTv2jQGgshANKZ7NHuRIZ3hTq7:ferPBZehbBuCZ

Static task: static1

Malware Config

Extracted: redline
down
193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381

Extracted: redline
maxi
193.233.20.30:4125
auth_value: 6e90da232d4c2e35c1a36c250f5f8904

Extracted: amadey
3.68
31.41.244.200/games/category/index.php

Targets
Target: 4e19845e12e626fd826753358c178fd2f68d7b8cfde5eeabf4a9496489d9c08d
Size: 1011KB
MD5: 25f1d9dacc2e7e9bae5a12b8a61e257b
SHA1: fc45f798c8325c0cd4178eac2f7f467cbe7010d8
SHA256: 4e19845e12e626fd826753358c178fd2f68d7b8cfde5eeabf4a9496489d9c08d
SHA512: 7ed034787c40150debbfc5ae49f30f406571f4e0421a57564b80cad30a08b8936edc6e2169442955c340e8564b4eca0f1983e883c87017740cf4f8a8a855ad68
SSDEEP: 24576:YyiTPvbTxVW27kxOTv2jQGgshANKZ7NHuRIZ3hTq7:ferPBZehbBuCZ

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.