General
Target: e0543ae149ecd62090db0d4df2989e4e6bb14d39e70801a80207f5241b133398
Size: 1.0MB
Sample: 230323-25w63scg51
MD5: 94bef4fe59ea7d603b11e8e8484fc0de
SHA1: 70cbe1c65de8b4dcd4b4779f0cfec5e0e7a51e3c
SHA256: e0543ae149ecd62090db0d4df2989e4e6bb14d39e70801a80207f5241b133398
SHA512: c6eeb8c73c7248b316c2766ef93467f1deb50c27dc743128ef5d0593282cd39d5b86e24f088ae9889cb31bcbb05c787e750cd561b52bd657ec22b2d32c41b1a4
SSDEEP: 24576:cyTX/KWgFgU+NRczddPKVCv3ZHlMwR2vcznpChOIyI:LTXyTFgUOoCVCv31ovd4
Static task: static1

Malware Config
Extracted: redline
Botnet: down
C2: 193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381

Extracted: redline
Botnet: trap
C2: 193.233.20.30:4125
auth_value: b39a737e2e9eba88e48ab88d1061be9c

Extracted: amadey
Version: 3.68
C2: 31.41.244.200/games/category/index.php
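The extracted configs give three network indicators: two RedLine C2 endpoints (IP plus a fixed TCP port) and one Amadey C2 URL (IP plus an HTTP path). The following is an added example, not part of the sandbox report and not the output of any tool, showing how a practitioner would normalise those strings into indicators and run them over connection logs. The key=value record format and the log lines themselves are constructed for illustration and are assumptions, as is the strong/weak split.

```python
"""Turn the C2 indicators extracted from this sample's configs into a
matcher and run it over a few constructed connection-log lines.

Added example; not part of the sandbox report. The key=value record
format is an assumption, and the log lines are constructed, not captured.
"""
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# Indicators copied verbatim from the extracted configs on this page.
REDLINE_C2 = ("193.233.20.31:4125", "193.233.20.30:4125")
AMADEY_C2_URL = "31.41.244.200/games/category/index.php"


@dataclass(frozen=True)
class Indicator:
    family: str
    host: str
    port: Optional[int] = None   # RedLine: fixed TCP port from the config
    path: Optional[str] = None   # Amadey: HTTP path from the config


def build_indicators() -> list[Indicator]:
    """Normalise the page's C2 strings into host/port/path indicators."""
    iocs = []
    for c2 in REDLINE_C2:
        host, port = c2.rsplit(":", 1)
        iocs.append(Indicator("redline", host, port=int(port)))
    # urlsplit needs a scheme; the config string has none, so one is
    # prepended purely for parsing (no claim about the real transport).
    parts = urlsplit("http://" + AMADEY_C2_URL)
    iocs.append(Indicator("amadey", parts.hostname, path=parts.path))
    return iocs


_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_record(line: str) -> dict[str, str]:
    """Parse one key=value log line (assumed format) into a dict."""
    return {k: v.strip('"') for k, v in _KV.findall(line)}


def match_record(rec: dict[str, str], iocs: list[Indicator]) -> list[tuple[str, str]]:
    """Return (family, strength) hits for one parsed record.

    'strong' = destination host plus the port or path from the config;
    'weak'   = destination host only (port/path differ or are absent),
               worth a look but not proof of the same payload.
    """
    hits = []
    dst = rec.get("dst")
    if not dst:
        return hits
    port = int(rec["dport"]) if rec.get("dport", "").isdigit() else None
    uri = rec.get("uri")
    for ioc in iocs:
        if dst != ioc.host:
            continue
        if ioc.port is not None and port == ioc.port:
            hits.append((ioc.family, "strong"))
        elif ioc.path is not None and uri is not None and uri.split("?", 1)[0] == ioc.path:
            hits.append((ioc.family, "strong"))
        else:
            hits.append((ioc.family, "weak"))
    return hits


def scan(lines: list[str], iocs: Optional[list[Indicator]] = None) -> list[dict]:
    """Match every line against the indicators; one result per hit."""
    iocs = iocs or build_indicators()
    out = []
    for line in lines:
        rec = parse_record(line)
        for family, strength in match_record(rec, iocs):
            out.append({"ts": rec.get("ts"), "src": rec.get("src"),
                        "dst": rec["dst"], "family": family, "strength": strength})
    return out


# Constructed log lines for illustration (not real traffic from this sample).
SAMPLE_LINES = [
    "ts=2023-03-23T02:15:01Z src=10.0.0.5 dst=193.233.20.31 dport=4125 proto=tcp",
    "ts=2023-03-23T02:15:09Z src=10.0.0.5 dst=31.41.244.200 dport=80 method=POST uri=/games/category/index.php",
    "ts=2023-03-23T02:16:44Z src=10.0.0.7 dst=193.233.20.30 dport=443 proto=tcp",
    "ts=2023-03-23T02:17:02Z src=10.0.0.9 dst=142.250.72.14 dport=443 proto=tcp",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LINES):
        print(hit)
```

A hit on the address plus the config's port or path is reported as strong; a hit on the bare address is reported as weak, because redeployed or shared infrastructure makes an IP alone a much noisier indicator than the IP together with the port or path the sample was configured with.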
Targets
Target: e0543ae149ecd62090db0d4df2989e4e6bb14d39e70801a80207f5241b133398
Size: 1.0MB
MD5: 94bef4fe59ea7d603b11e8e8484fc0de
SHA1: 70cbe1c65de8b4dcd4b4779f0cfec5e0e7a51e3c
SHA256: e0543ae149ecd62090db0d4df2989e4e6bb14d39e70801a80207f5241b133398
SHA512: c6eeb8c73c7248b316c2766ef93467f1deb50c27dc743128ef5d0593282cd39d5b86e24f088ae9889cb31bcbb05c787e750cd561b52bd657ec22b2d32c41b1a4
SSDEEP: 24576:cyTX/KWgFgU+NRczddPKVCv3ZHlMwR2vcznpChOIyI:LTXyTFgUOoCVCv31ovd4

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
Writes an autostart entry under the registry's CurrentVersion\Run key so the application is launched again at logon.
- Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
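The Run-key behaviour above is the one signature in this list that leaves a clean host-side artefact a logging pipeline can catch. The following is an added example, not part of the sandbox report, that triages Sysmon-style registry events for that pattern. The events are constructed JSON records shaped like Sysmon Event ID 13 (value set); the field names follow Sysmon's, but every path, SID and value is invented, and the scoring heuristic is the example's own, not something the report states.

```python
"""Triage Sysmon-style registry events for the Run-key persistence that
the 'Adds Run key to start application' signature describes.

Added example, not part of the sandbox report. The events are constructed
JSON records shaped like Sysmon Event ID 13 (RegistryEvent, value set);
the field names follow Sysmon's, the paths and values are invented.
"""
import json
import re
from typing import Optional

# Autostart value locations covered by the rule: HKCU/HKU and HKLM,
# including the Wow6432Node view, for both Run and RunOnce.
RUN_KEY_RE = re.compile(
    r"\\Software\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\",
    re.IGNORECASE,
)
# Directories a standard user can write to; an autostart entry pointing
# here is a stronger signal than one under Program Files.
USER_WRITABLE_RE = re.compile(
    r"\\(AppData|Temp|Users\\Public|ProgramData)\\", re.IGNORECASE
)


def extract_image_path(details: str) -> str:
    """Pull the executable path out of a Run value's data.

    Handles the two common shapes: a quoted path (with or without
    arguments after it) and a bare path followed by arguments.
    """
    details = details.strip()
    if details.startswith('"'):
        end = details.find('"', 1)
        return details[1:end] if end > 0 else details[1:]
    return details.split(" ", 1)[0]


def classify_event(ev: dict) -> Optional[dict]:
    """Return a finding for a Run-key write, or None for anything else.

    score 1 : any write to a Run/RunOnce value
    +1      : the target executable lives in a user-writable directory
    +1      : the writing process is the binary the value points to
              (the pattern a dropper registering itself produces)
    """
    if ev.get("EventID") != 13:
        return None
    target = ev.get("TargetObject", "")
    if not RUN_KEY_RE.search(target):
        return None
    exe = extract_image_path(ev.get("Details", ""))
    score = 1
    if USER_WRITABLE_RE.search(exe):
        score += 1
    if exe and ev.get("Image", "").lower() == exe.lower():
        score += 1
    return {"ts": ev.get("UtcTime"), "value": target, "exe": exe,
            "writer": ev.get("Image"), "score": score}


def triage(lines: list[str]) -> list[dict]:
    """Run classify_event over JSON-lines input, highest score first."""
    findings = []
    for line in lines:
        finding = classify_event(json.loads(line))
        if finding:
            findings.append(finding)
    return sorted(findings, key=lambda f: f["score"], reverse=True)


# Constructed events (not captured from this sample).
SAMPLE_EVENTS = [
    json.dumps({"EventID": 13, "UtcTime": "2023-03-23 02:15:30.112",
                "Image": r"C:\Users\alice\AppData\Roaming\updsvc\updsvc.exe",
                "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\updsvc",
                "Details": r'"C:\Users\alice\AppData\Roaming\updsvc\updsvc.exe"'}),
    json.dumps({"EventID": 13, "UtcTime": "2023-03-23 02:16:02.004",
                "Image": r"C:\Windows\System32\msiexec.exe",
                "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray",
                "Details": r'"C:\Program Files\Vendor\tray.exe" --minimized'}),
    json.dumps({"EventID": 13, "UtcTime": "2023-03-23 02:16:10.500",
                "Image": r"C:\Windows\explorer.exe",
                "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
                "Details": "DWORD (0x00000001)"}),
    json.dumps({"EventID": 12, "UtcTime": "2023-03-23 02:16:11.000",
                "Image": r"C:\Users\alice\AppData\Roaming\updsvc\updsvc.exe",
                "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run"}),
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f["score"], f["value"], "->", f["exe"])
```

Only value-set events (ID 13) on Run/RunOnce values are considered; key creation (ID 12) and writes elsewhere under CurrentVersion are ignored. The Uninstall-key enumeration from the last signature is a registry read and does not appear in Sysmon's registry events at all, which is why it is not part of this rule; that behaviour is visible in sandbox API traces, not in this log source.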