General
Target: 1ccdc7748e0b7dbc5488c9ea6c12fed14972fb26fa93b9daf9ab2bfb14ca016e
Size: 1.0MB
Sample: 230324-a6b4rabb74
MD5: b876adc0d5a609644cfd49231d322f0b
SHA1: 1e2d89eb791f0d933d164ac5551d30d453af2650
SHA256: 1ccdc7748e0b7dbc5488c9ea6c12fed14972fb26fa93b9daf9ab2bfb14ca016e
SHA512: a40b355a75c84364b7768957f03d927c77581a0a89fcf8b322dd73e5f114f7f9434da70e26802a6309c409ae5acddbd64f235b02efa2169d8ca0622700efba2f
SSDEEP: 12288:pMrJy90e/73B+Fa9v804ozwpi+2x8fAnBcdzKRMtAk2RVLKK7xeYtu06hBQQkWrD:IyRjIQvLWi+qGqpkUd+LBz9fYOF
Static task: static1
Malware Config
Extracted: redline, down, 193.233.20.31:4125, auth_value 12c31a90c72f5efae8c053a0bd339381
Extracted: redline, trap, 193.233.20.30:4125, auth_value b39a737e2e9eba88e48ab88d1061be9c
Extracted: amadey, 3.68, 31.41.244.200/games/category/index.php
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.