General

Target: de3d626fd98dfdca1c81b6b9c2cb8ce296658b0909916cfcafc3f543de62f41c
Size: 1023KB
Sample: 230324-afq5zsba33
MD5: 9b42a524c2fccde52333a0adcc1d5207
SHA1: 386e3645c4941703b3eeddbe39a0b79d6d3f5d55
SHA256: de3d626fd98dfdca1c81b6b9c2cb8ce296658b0909916cfcafc3f543de62f41c
SHA512: f935b505e7507ff37cb83f24747f38370eb047878f89d63e4e63a1c49a88bd2ceabb36c86d75a3ce2c67f1a8bb48a92de1436f9e3114d64387251218a50ca6c0
SSDEEP: 24576:wyPM5GP4366E672bOmv3k2kDaxs9ed8FL9r1H4:3PM44366E42bOQ3VkDCsA8d9xH
Static task: static1
Malware Config

Extracted: redline
Botnet: down
C2: 193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381

Extracted: redline
Botnet: trap
C2: 193.233.20.30:4125
auth_value: b39a737e2e9eba88e48ab88d1061be9c

Extracted: amadey
Version: 3.68
C2: 31.41.244.200/games/category/index.php
Targets

Target: de3d626fd98dfdca1c81b6b9c2cb8ce296658b0909916cfcafc3f543de62f41c
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
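The behaviours listed above are sandbox signature matches. The following Python script is an added example (not part of this report and not the sandbox's own signature code) showing how such signatures can be derived from an API-call trace: each report label is tied to the registry or file operations that justify it, and "Executes dropped EXE" is made stateful so that only a process started from a file the sample itself wrote counts. The trace, process IDs, file names and the wallet path list are constructed for illustration; the registry locations (Control Panel\International\Geo\Nation, CurrentVersion\Uninstall, CurrentVersion\Run) are the well-known ones the signature descriptions refer to.

```python
import re
from collections import defaultdict

# Constructed sandbox API trace (illustration only, not taken from this report).
# One event per line: "<pid>\t<api>\t<argument>".
TRACE = """\
1234\tRegOpenKeyExW\tHKEY_CURRENT_USER\\Control Panel\\International\\Geo
1234\tRegQueryValueExW\tHKEY_CURRENT_USER\\Control Panel\\International\\Geo\\Nation
1234\tNtWriteFile\tC:\\Users\\admin\\AppData\\Local\\Temp\\foxy.exe
1234\tCreateProcessW\tC:\\Users\\admin\\AppData\\Local\\Temp\\foxy.exe
5678\tRegSetValueExW\tHKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\update
5678\tRegEnumKeyExW\tHKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall
5678\tNtCreateFile\tC:\\Users\\admin\\AppData\\Roaming\\Exodus\\exodus.wallet\\seed.seco
5678\tNtCreateFile\tC:\\Users\\admin\\AppData\\Roaming\\Electrum\\wallets\\default_wallet
5678\tCreateProcessW\tC:\\Windows\\System32\\cmd.exe
"""

# Well-known registry locations that the report's signature descriptions refer to.
GEO_NATION_KEY = r"\\control panel\\international\\geo\\nation$"
UNINSTALL_KEY = r"\\microsoft\\windows\\currentversion\\uninstall"
RUN_KEY = r"\\microsoft\\windows\\currentversion\\run\\"
# Assumed examples of wallet locations a stealer targets (not a list from the report).
WALLET_PATHS = (
    r"\\exodus\\exodus\.wallet\\",
    r"\\electrum\\wallets\\",
    r"\\ethereum\\keystore\\",
    r"\\bitcoin\\wallet\.dat$",
)

# Signature labels exactly as they appear in the report.
SIG_GEO = "Checks computer location settings"
SIG_DROP = "Executes dropped EXE"
SIG_WALLET = "Accesses cryptocurrency files/wallets, possible credential harvesting"
SIG_RUN = "Adds Run key to start application"
SIG_UNINSTALL = "Checks installed software on the system"


def parse_trace(text):
    """Parse the tab-separated trace into (pid, api, argument) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, api, arg = line.split("\t", 2)
        events.append((int(pid), api, arg))
    return events


def _hit(pattern, value):
    return re.search(pattern, value, re.IGNORECASE) is not None


def analyze(events):
    """Return {signature label: [supporting arguments]} for a parsed trace."""
    hits = defaultdict(list)
    dropped = set()  # executables the sample itself wrote to disk
    for _pid, api, arg in events:
        if api.startswith("RegQueryValueEx") and _hit(GEO_NATION_KEY, arg):
            hits[SIG_GEO].append(arg)
        elif api.startswith(("RegOpenKeyEx", "RegEnumKeyEx")) and _hit(UNINSTALL_KEY, arg):
            hits[SIG_UNINSTALL].append(arg)
        elif api.startswith("RegSetValueEx") and _hit(RUN_KEY, arg):
            hits[SIG_RUN].append(arg)
        elif api in ("NtWriteFile", "WriteFile") and arg.lower().endswith(".exe"):
            dropped.add(arg.lower())
        elif api.startswith("CreateProcess") and arg.lower() in dropped:
            # Only a process started from a file the sample wrote counts as "dropped".
            hits[SIG_DROP].append(arg)
        elif api in ("NtCreateFile", "NtOpenFile", "CreateFileW") and any(
            _hit(p, arg) for p in WALLET_PATHS
        ):
            hits[SIG_WALLET].append(arg)
    return dict(hits)


def matched_signatures(text):
    """Signature labels triggered by a raw trace, in the report's order."""
    hits = analyze(parse_trace(text))
    order = (SIG_GEO, SIG_DROP, SIG_WALLET, SIG_RUN, SIG_UNINSTALL)
    return [name for name in order if name in hits]


if __name__ == "__main__":
    for name, evidence in analyze(parse_trace(TRACE)).items():
        print(name)
        for item in evidence:
            print("   ", item)
```

Running the script on the constructed trace triggers all five behavioural signatures; the final CreateProcessW of cmd.exe is deliberately not reported as a dropped EXE because nothing in the trace wrote that file.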