General
- Target: 8fcfc29b57c6aaa0edb555cc330c7267f255134085ac71780586b4612ed5b9bd
- Size: 1023KB
- Sample: 230324-bgrnksbc44
- MD5: 2b07cb9630c656e7be6b3cc8dd3b1558
- SHA1: 7f0fae54e3151d9787a2da7a1a71c5da9040eb17
- SHA256: 8fcfc29b57c6aaa0edb555cc330c7267f255134085ac71780586b4612ed5b9bd
- SHA512: e59c9a37c46ab69d6f13a47d85aa76efee7c383f22ff292948af42d7f1c62649822754510fc48dd3132237b47017a90ff3399a75060d1e792a504bf6932ca443
- SSDEEP: 24576:2y2lq1iQqB9xWliSwnbd2UTDPu5zx69X8XTadu5N95L3j:F2E1awlitnb5TDPesSXTku5N
Static task: static1

Malware Config
- Extracted: redline (down)
  - C2: 193.233.20.31:4125
  - auth_value: 12c31a90c72f5efae8c053a0bd339381
- Extracted: redline (trap)
  - C2: 193.233.20.30:4125
  - auth_value: b39a737e2e9eba88e48ab88d1061be9c
- Extracted: amadey (version 3.68)
  - C2: 31.41.244.200/games/category/index.php
Targets
- Target: 8fcfc29b57c6aaa0edb555cc330c7267f255134085ac71780586b4612ed5b9bd
  - Size: 1023KB
  - MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General above
  - RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  - RedLine payload
  - Executes dropped EXE
  - Accesses cryptocurrency files/wallets, possible credential harvesting
  - Adds Run key to start application
  - Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.