General
Target: 5a4b775282fff862f1cfc0ac4ae43c70f9e1ae37cf7bd06cdc1edd48e74f502f
Size: 1019KB
Sample: 230323-152k5aae33
MD5: a189731b495096099518d55c0bbcdf51
SHA1: 7175cd125279e77f017827f5d107bbb40c65c9dc
SHA256: 5a4b775282fff862f1cfc0ac4ae43c70f9e1ae37cf7bd06cdc1edd48e74f502f
SHA512: 772ea387d2755e834c3776968d579782cba1a900a0c099b1647a65d2f3c41fe775ee33fceedabf2ba877060d8f5fbba0913c2779ebb7f30bfd13894ebf18dcef
SSDEEP: 24576:WyaFlc0fqUAb129cmdThsrE400M3FFokgx:laFl7qBbgn+s02okg
Static task: static1

Malware Config
Extracted: redline
- down
- 193.233.20.31:4125
- auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted: redline
- trap
- 193.233.20.30:4125
- auth_value: b39a737e2e9eba88e48ab88d1061be9c
Extracted: amadey
- 3.68
- 31.41.244.200/games/category/index.php
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.