General
Target: ba86fce613db68c35f8a82a87826ea1fb643ce357e3a42aecb4cfee9654746a5
Size: 1.0MB
Sample: 230324-bstmbabd33
MD5: e4010106ab3f25a9513a9c0eb649fa04
SHA1: 387375848fe36b2cf275b0afeeddb47d369a5ff5
SHA256: ba86fce613db68c35f8a82a87826ea1fb643ce357e3a42aecb4cfee9654746a5
SHA512: 40b1b79ab6e2d1009a232d94be2af258c5d5e3624ede18a21fc672d9cdb2e4db23fa30535530151a2142c086d0cd1202168c393ecadcca3d986f77aadad1e8aa
SSDEEP: 24576:dyYuzrC/vdAZLmVno2wgeeCqg/dUSa3Ridq6hOZtf:4Trn5mePU3g/Cx3Yc6U
Static task: static1
Malware Config
Extracted: redline
- down
- 193.233.20.31:4125
- auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted: redline
- trap
- 193.233.20.30:4125
- auth_value: b39a737e2e9eba88e48ab88d1061be9c
Extracted: amadey
- 3.68
- 31.41.244.200/games/category/index.php
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.