General

Target: 83ce81ea4c6a0ab49d9eb93bcf06645c6b74cf30516f3463c7cc37893fe5cbe0
Size: 1024KB
Sample: 230324-ayv7nadb3x
MD5: 2cfbe1e32d11538fb42c1692d435d621
SHA1: 797b4931caad783e21f4a27e982fe375d70b1d3a
SHA256: 83ce81ea4c6a0ab49d9eb93bcf06645c6b74cf30516f3463c7cc37893fe5cbe0
SHA512: edf253187b1acf3c419c06ba45256b06cac6b8c0ccab79ff476d17b6ebaf69621ce8fc8843bf85b80b2eb07ca15bea9f383c03240e726003700def365dd50832
SSDEEP: 24576:0y+76eDrJ/XH64IVC3KorpjRQIaV9prLKQJFxqzW:DYLDZHRr6ordiV9pr+Qgz
Static task: static1
Malware Config

Extracted: redline
  down
  193.233.20.31:4125
  auth_value: 12c31a90c72f5efae8c053a0bd339381

Extracted: redline
  trap
  193.233.20.30:4125
  auth_value: b39a737e2e9eba88e48ab88d1061be9c

Extracted: amadey
  3.68
  31.41.244.200/games/category/index.php
Targets

Target: 83ce81ea4c6a0ab49d9eb93bcf06645c6b74cf30516f3463c7cc37893fe5cbe0
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate the software installed on the system.