General
Target: 3937619d1efc06dbab3bb59ff35331e4548a07d9bb384416392db202d7cbac0d
Size: 1.0MB
Sample: 230323-3wmfysch7s
MD5: b8163c6e6f470892c77ead69c6b56940
SHA1: beb9d962c25a84d26b660a493a5a00878c9e6841
SHA256: 3937619d1efc06dbab3bb59ff35331e4548a07d9bb384416392db202d7cbac0d
SHA512: cf3795dcecea403f7c824d8e9a582127592ee7919bb5533d6aeb92fef223135d471a37d5b970a5fe41a6bff17e9a5dbd89f899f3ea5b0c79d379355d38dafa72
SSDEEP: 24576:Mygd4zuq0L3K4wgSNPnlaFyww76IG174EaZ:7gUu4VnlaFyww76x1UEa (block size 24576; the two parts are the context-triggered hashes at that block size and at twice it, so the fuzzy match only compares against samples of similar size)
Static task: static1
Malware Config
Extracted: redline
Botnet: down
C2: 193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted: redline
Botnet: trap
C2: 193.233.20.30:4125
auth_value: b39a737e2e9eba88e48ab88d1061be9c
Extracted: amadey
Version: 3.68
C2: 31.41.244.200/games/category/index.php
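The two RedLine C2 endpoints and the Amadey HTTP C2 above are the network indicators a defender will want to act on. The Python below is an added example, not part of the sandbox report or of either malware family's code: it normalises the C2 strings exactly as the report gives them into host/port/path indicators and matches them against connection-log lines. The log format (timestamp, source, destination, destination port, request path or "-") and every log line are constructed for illustration, and the assumption that a scheme-less host/path C2 means HTTP on port 80 is mine.

```python
"""Turn the extracted RedLine/Amadey C2 configuration into network IOCs and
match them against connection-log lines.

Added example; not part of the sandbox report or of the malware.  The log
lines are constructed for illustration."""
import ipaddress
import re

# C2 strings exactly as the report's "Malware Config" section gives them.
EXTRACTED_CONFIGS = [
    {"family": "redline", "botnet": "down", "c2": "193.233.20.31:4125",
     "auth_value": "12c31a90c72f5efae8c053a0bd339381"},
    {"family": "redline", "botnet": "trap", "c2": "193.233.20.30:4125",
     "auth_value": "b39a737e2e9eba88e48ab88d1061be9c"},
    {"family": "amadey", "version": "3.68",
     "c2": "31.41.244.200/games/category/index.php"},
]

_C2_RE = re.compile(r"([^:/]+)(?::(\d+))?(/.*)?")


def parse_c2(c2):
    """Normalise a C2 string to (host, port, path).

    RedLine's C2 is written as host:port with no scheme; Amadey's as
    host/path with no scheme or port.  Assumption: a path without an
    explicit port means plain HTTP, so port 80 is filled in."""
    m = _C2_RE.fullmatch(c2)
    if m is None:
        raise ValueError(f"unrecognised C2 string: {c2!r}")
    host, port, path = m.group(1), m.group(2), m.group(3)
    if port is not None:
        port = int(port)
    elif path is not None:
        port = 80
    return host, port, path


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def build_iocs(configs=EXTRACTED_CONFIGS):
    """One indicator per extracted config; is_ip says whether the block
    belongs on the firewall (address) or the resolver (name)."""
    iocs = []
    for cfg in configs:
        host, port, path = parse_c2(cfg["c2"])
        iocs.append({"family": cfg["family"], "host": host, "port": port,
                     "path": path, "is_ip": _is_ip(host),
                     "botnet": cfg.get("botnet"),
                     "auth_value": cfg.get("auth_value")})
    return iocs


# Constructed connection log: timestamp, source, destination, dst port and
# (for HTTP) the request path, "-" otherwise.  Addresses other than the C2s
# are documentation/private ranges.
SAMPLE_LOG = """\
2023-03-23T10:01:02Z 10.0.0.15 203.0.113.10 443 -
2023-03-23T10:01:09Z 10.0.0.15 193.233.20.31 4125 -
2023-03-23T10:01:11Z 10.0.0.15 193.233.20.30 4125 -
2023-03-23T10:01:30Z 10.0.0.15 31.41.244.200 80 /games/category/index.php
2023-03-23T10:02:00Z 10.0.0.22 31.41.244.200 80 /
2023-03-23T10:02:05Z 10.0.0.22 193.233.20.31 443 -
"""


def match_log(log_text, iocs=None):
    """Return (confidence, family, line) for each line that touches a C2 host.

    "exact": destination host and port match, and the path too where the
             config has one (Amadey).
    "host":  same host on another port or path; lower confidence, but the
             source machine still deserves a look."""
    iocs = build_iocs() if iocs is None else iocs
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, _src, dst, dport, uri = line.split()
        dport = int(dport)
        for ioc in iocs:
            if dst != ioc["host"]:
                continue
            exact = dport == ioc["port"] and (ioc["path"] is None or uri == ioc["path"])
            hits.append(("exact" if exact else "host", ioc["family"], line))
            break  # one verdict per log line
    return hits


if __name__ == "__main__":
    for confidence, family, line in match_log(SAMPLE_LOG):
        print(f"{confidence:5} {family:8} {line}")
```

The two-tier verdict is deliberate: the two RedLine C2s sit in the same /24 on the same port, so a connection to one of those hosts on a different port is still worth triage even though it is not the configured channel.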
Targets
Target: 3937619d1efc06dbab3bb59ff35331e4548a07d9bb384416392db202d7cbac0d (size 1.0MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
RedLine
RedLine Stealer is an information-stealing malware family written in C#, first seen in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, most likely a geofence check.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the host.
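The three registry-based signatures above (location check, Uninstall-key enumeration, Run-key persistence) can be expressed as rules over a sandbox API trace. The Python below is an added example, not the sandbox's own signature code. It assumes a simplified tab-separated trace of pid, API name, key path and value name; the trace is constructed, with pid 1448 standing in for the original sample and pid 2212 for the dropped EXE it executed. The fourth trace line reads the Run key without writing it, to show why the persistence rule must key on a write API rather than on any access to the key.

```python
"""Rules over a sandbox API trace for the registry behaviours the report
flags.  Added example, not the sandbox's own signature code.  The trace
format (tab-separated pid, API, key path, value name) and every line of it
are constructed for illustration."""
import re
from collections import defaultdict

# Constructed trace: pid 1448 is the initial sample, pid 2212 the dropped
# EXE it executed.  "-" stands for no value name.
TRACE_LINES = [
    "1448\tRegQueryValueEx\tHKEY_CURRENT_USER\\Control Panel\\International\\Geo\tNation",
    "1448\tRegOpenKeyEx\tHKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\t-",
    "1448\tRegEnumKeyEx\tHKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\t7-Zip",
    "1448\tRegQueryValueEx\tHKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\tOneDrive",
    "2212\tRegSetValueEx\tHKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\tupdate",
    "2212\tRegQueryValueEx\tHKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\tHidden",
]

# (signature name, APIs that count, key-path pattern, value-name pattern or None)
RULES = [
    # The configured country's GeoID lives in HKCU\Control Panel\International\Geo, value "Nation".
    ("Checks computer location settings",
     {"RegQueryValueEx", "RegGetValue"},
     re.compile(r"\\Control Panel\\International\\Geo$", re.I),
     re.compile(r"^Nation$", re.I)),
    # Any open/enumerate under ...\CurrentVersion\Uninstall; the WOW6432Node
    # copy on 64-bit hosts carries the same suffix and matches as well.
    ("Checks installed software on the system",
     {"RegOpenKeyEx", "RegEnumKeyEx"},
     re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.I),
     None),
    # Persistence counts only on a *write*: reading Run (fourth trace line)
    # is what every autostart-aware program does and must not fire.
    ("Adds Run key to start application",
     {"RegSetValueEx", "RegSetValue"},
     re.compile(r"\\CurrentVersion\\Run(Once)?$", re.I),
     None),
]


def evaluate(lines=TRACE_LINES):
    """Map each signature name to the (pid, line) pairs that triggered it."""
    hits = defaultdict(list)
    for line in lines:
        pid, api, key, value = line.split("\t")
        for name, apis, key_re, value_re in RULES:
            if api not in apis or not key_re.search(key):
                continue
            if value_re is not None and not value_re.search(value):
                continue
            hits[name].append((pid, line))
    return dict(hits)


def per_process(lines=TRACE_LINES):
    """Signatures grouped by pid, so it is visible that the dropped process,
    not the original sample, is the one installing persistence."""
    sigs = defaultdict(set)
    for name, entries in evaluate(lines).items():
        for pid, _ in entries:
            sigs[pid].add(name)
    return {pid: sorted(names) for pid, names in sigs.items()}


if __name__ == "__main__":
    for pid, names in sorted(per_process().items()):
        print(pid, ", ".join(names))
```

Grouping by pid matters for this report because the "Executes dropped EXE" signature means the persistence and the reconnaissance may come from different processes; a per-sample view would hide that split.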