General
Target: b812afab30a9d4b73f7140915e808a8c05a5beb175d577dd58874443b85c0f58
Size: 1024KB
Sample: 230323-3pvhzsah37
MD5: e2f1c813c3172f103879fa5713413cb0
SHA1: 6828252e191757cfcbec23e25d1fa66a4bb7b12c
SHA256: b812afab30a9d4b73f7140915e808a8c05a5beb175d577dd58874443b85c0f58
SHA512: 44d6c170001e685f5f6d1211c8eb978b4b0c75c017b4b23665ef81b7cee17eea18c73ffa0c1a3ca1a9986a25e3969fddd1358a172067f04a279764ec787b6a2d
SSDEEP: 12288:TMrEy90Sz5tWRn/KIFcYLZ0mumCSrVHw8FdK4cfmbDiPAqTA/AcadD2TbKCQGK7k:TyLs/KMmcH9STObDrIcaUSVp8SFDFG
Static task: static1

Malware Config
Extracted: redline
Botnet: down
C2: 193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381

Extracted: redline
Botnet: trap
C2: 193.233.20.30:4125
auth_value: b39a737e2e9eba88e48ab88d1061be9c

Extracted: amadey
Version: 3.68
C2: 31.41.244.200/games/category/index.php
Targets
Target: b812afab30a9d4b73f7140915e808a8c05a5beb175d577dd58874443b85c0f58
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application (registry persistence)
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
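Added example, not code from this sandbox report or from any tool it names: a Python script that turns the report's indicators (the RedLine and Amadey C2 endpoints, the target's file hashes) and its two registry signatures (Run key persistence, Uninstall key enumeration) into matching logic and runs it over telemetry. The proxy log lines, the registry event schema, the file paths and the hash inventory are all constructed for illustration; only the indicators are taken from the report.

```python
"""Match this report's indicators and behaviours against telemetry.

Added example, not code from the sandbox report or from any tool it names.
Indicators come from the report's Malware Config and hash sections; every
log line, registry event and file path below is constructed for illustration.
"""
import re
from dataclasses import dataclass

# C2 endpoints from the Malware Config section: RedLine uses raw TCP ip:port,
# Amadey uses an HTTP panel path (the report gives no scheme).
C2_ENDPOINTS = {
    "193.233.20.31:4125": ("redline", "botnet down"),
    "193.233.20.30:4125": ("redline", "botnet trap"),
    "31.41.244.200/games/category/index.php": ("amadey", "version 3.68"),
}
# Bare hosts, for low-confidence matches on an unlisted port or path.
C2_HOSTS = {ep.split(":")[0].split("/")[0]: fam for ep, (fam, _) in C2_ENDPOINTS.items()}
# File hashes from the Target section, lower-case for comparison.
FILE_HASHES = {
    "md5": "e2f1c813c3172f103879fa5713413cb0",
    "sha1": "6828252e191757cfcbec23e25d1fa66a4bb7b12c",
    "sha256": "b812afab30a9d4b73f7140915e808a8c05a5beb175d577dd58874443b85c0f58",
}


@dataclass(frozen=True)
class Hit:
    line_no: int
    category: str    # malware family or behaviour name
    confidence: str  # "high" for an exact indicator, "low" for host-only
    detail: str


_IP = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
_IP_PORT = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\b")
_URL = re.compile(r"https?://([^\s\"']+)")


def match_network(lines):
    """Flag proxy/flow lines that reach a C2 endpoint listed in the report."""
    hits = []
    for n, line in enumerate(lines, 1):
        exact = False
        for m in _IP_PORT.finditer(line):           # RedLine raw TCP C2
            key = f"{m.group(1)}:{m.group(2)}"
            if key in C2_ENDPOINTS:
                fam, tag = C2_ENDPOINTS[key]
                hits.append(Hit(n, fam, "high", f"C2 {key} ({tag})"))
                exact = True
        for m in _URL.finditer(line):               # Amadey HTTP panel
            key = m.group(1).rstrip("/")
            if key in C2_ENDPOINTS:
                fam, tag = C2_ENDPOINTS[key]
                hits.append(Hit(n, fam, "high", f"C2 {key} ({tag})"))
                exact = True
        if not exact:                               # same host, other port/path
            for ip in _IP.findall(line):
                if ip in C2_HOSTS:
                    hits.append(Hit(n, C2_HOSTS[ip], "low", f"C2 host {ip} on unlisted port/path"))
    return hits


RUN_KEY = re.compile(r"\\CurrentVersion\\Run\\", re.IGNORECASE)
UNINSTALL_KEY = re.compile(r"\\CurrentVersion\\Uninstall\\", re.IGNORECASE)


def match_registry(events):
    """Map registry telemetry onto the report's two registry signatures.

    Assumed event schema for this example: dicts with op ("set" or "query"),
    target (full key path) and image (acting process).  Value writes map
    directly from Sysmon EventID 13; key reads need object-access auditing,
    since Sysmon does not record registry reads.
    """
    hits = []
    for n, ev in enumerate(events, 1):
        target, image = ev["target"], ev["image"]
        if ev["op"] == "set" and RUN_KEY.search(target):
            hits.append(Hit(n, "persistence", "high", f"Run key set by {image}: {target}"))
        elif ev["op"] == "query" and UNINSTALL_KEY.search(target):
            hits.append(Hit(n, "software-enumeration", "low", f"Uninstall key read by {image}"))
    return hits


def match_hashes(inventory):
    """inventory: iterable of (path, algorithm, hexdigest) as a hash sweep emits."""
    hits = []
    for n, (path, algo, digest) in enumerate(inventory, 1):
        if FILE_HASHES.get(algo.lower()) == digest.lower():
            hits.append(Hit(n, "sample", "high", f"{algo} matches report target: {path}"))
    return hits


# Constructed telemetry (not from the report) exercising each matcher.
SAMPLE_PROXY_LOG = [
    "2023-03-23T10:01:02Z 10.0.0.5 GET http://31.41.244.200/games/category/index.php 200",
    "2023-03-23T10:01:05Z 10.0.0.5 GET http://example.com/ 200",
    "2023-03-23T10:02:10Z 10.0.0.5 CONNECT 193.233.20.31:4125 -",
    "2023-03-23T10:02:11Z 10.0.0.7 CONNECT 193.233.20.30:443 -",
]
SAMPLE_REGISTRY_EVENTS = [
    {"op": "set", "image": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
     "target": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\dropped"},
    {"op": "query", "image": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
     "target": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{example-guid}"},
    {"op": "set", "image": r"C:\Windows\explorer.exe",
     "target": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs"},
]
SAMPLE_INVENTORY = [
    (r"C:\Users\user\Downloads\setup.exe", "SHA256",
     "B812AFAB30A9D4B73F7140915E808A8C05A5BEB175D577DD58874443B85C0F58"),
    (r"C:\Windows\System32\notepad.exe", "SHA256", "0" * 64),
]

if __name__ == "__main__":
    for hit in (match_network(SAMPLE_PROXY_LOG)
                + match_registry(SAMPLE_REGISTRY_EVENTS)
                + match_hashes(SAMPLE_INVENTORY)):
        print(hit)
```

The host-only match is deliberately reported at low confidence: a RedLine operator can change the port between builds while keeping the server, so a bare hit on 193.233.20.30 is worth a look but is not proof of this exact sample. The Uninstall key read is likewise low confidence on its own, since installers and inventory agents read it constantly; it only becomes interesting when the acting image is an unsigned binary in a temp directory, which is why the matcher carries the image through to the detail field.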