General
- Target: b8638740d214211c7186c56b987c8baaa501e215cb41cab1764a9de45481c899
- Size: 1.0MB
- Sample: 230323-3l4x9aah25
- MD5: a5a7b2996762b31f5ea0df2fcc665147
- SHA1: bcd8fc019e5a1e0d9bbe362cf84da83122d97a20
- SHA256: b8638740d214211c7186c56b987c8baaa501e215cb41cab1764a9de45481c899
- SHA512: 2c8d94c9ba014989f7d01762498f2645d878fc8d60d17f3cbd164995909bd5f69191b633b6e566987cafbef439a241cc48e3884859b5042863d0e81422b28723
- SSDEEP: 24576:yysWwBJmtnk9SGmVyIOAostCj/J3CXI52DGv6q:Zv8KgqVvOmU3CYnS
Static task
static1

Malware Config

Extracted: redline
down
193.233.20.31:4125
- auth_value: 12c31a90c72f5efae8c053a0bd339381

Extracted: redline
trap
193.233.20.30:4125
- auth_value: b39a737e2e9eba88e48ab88d1061be9c

Extracted: amadey
3.68
31.41.244.200/games/category/index.php
Targets
- Target: b8638740d214211c7186c56b987c8baaa501e215cb41cab1764a9de45481c899
- Size: 1.0MB
- MD5: a5a7b2996762b31f5ea0df2fcc665147
- SHA1: bcd8fc019e5a1e0d9bbe362cf84da83122d97a20
- SHA256: b8638740d214211c7186c56b987c8baaa501e215cb41cab1764a9de45481c899
- SHA512: 2c8d94c9ba014989f7d01762498f2645d878fc8d60d17f3cbd164995909bd5f69191b633b6e566987cafbef439a241cc48e3884859b5042863d0e81422b28723
- SSDEEP: 24576:yysWwBJmtnk9SGmVyIOAostCj/J3CXI52DGv6q:Zv8KgqVvOmU3CYnS
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.