General
- Target: 95a63275c630816b7990ddac8bcffc1ca07539d5122705c92e6f5872ddab7eb2
- Size: 1024KB
- Sample: 230323-3zdcfsch7w
- MD5: 58e876029a206462131ca0d90cb98c30
- SHA1: 3ba9148eda77e921db91233fb9463be414f35b4f
- SHA256: 95a63275c630816b7990ddac8bcffc1ca07539d5122705c92e6f5872ddab7eb2
- SHA512: d4f0a9f5081d926fc5e81683b48a69fd1aa93f57c921bc4c3104dd35972ed7627a805cd8a15e39353ff6eb7ced91d04cd17b9ba869cc7ebf738b59a04ce3fc92
- SSDEEP: 24576:9yxkWj6mbiKwvvghYXqkRFS9UBjLe5QCLJye+WFv5s:YxkYri1vwYXqkR4UBjLeS8ge+yv
Static task
static1

Malware Config
Extracted: redline
- down
- 193.233.20.31:4125
- auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted: redline
- trap
- 193.233.20.30:4125
- auth_value: b39a737e2e9eba88e48ab88d1061be9c
Extracted: amadey
- 3.68
- 31.41.244.200/games/category/index.php
Targets
- Target: 95a63275c630816b7990ddac8bcffc1ca07539d5122705c92e6f5872ddab7eb2
- Size: 1024KB
- MD5: 58e876029a206462131ca0d90cb98c30
- SHA1: 3ba9148eda77e921db91233fb9463be414f35b4f
- SHA256: 95a63275c630816b7990ddac8bcffc1ca07539d5122705c92e6f5872ddab7eb2
- SHA512: d4f0a9f5081d926fc5e81683b48a69fd1aa93f57c921bc4c3104dd35972ed7627a805cd8a15e39353ff6eb7ced91d04cd17b9ba869cc7ebf738b59a04ce3fc92
- SSDEEP: 24576:9yxkWj6mbiKwvvghYXqkRFS9UBjLe5QCLJye+WFv5s:YxkYri1vwYXqkR4UBjLeS8ge+yv
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.