General
- Target: ff6972f1ae664a60b36d5dba82971cb34fc84f462675dbc71fbb8b40b3ed1178
- Size: 1009KB
- Sample: 230324-k5827sfd9y
- MD5: 98f0bcd73f7d85de36d8c825e58a08fd
- SHA1: 34483da47ac31a8f92fa04da70cd9f117badac8c
- SHA256: ff6972f1ae664a60b36d5dba82971cb34fc84f462675dbc71fbb8b40b3ed1178
- SHA512: ed6dce824b40625483d0b94688ac6767fb158a9caeb02cb92fc125322ba461db5f94ef70f511947f09fa6f518a534022cb04b314ba25a5e994c8681922d0f800
- SSDEEP: 24576:NyQ9t2mJ9ES2r3JyQYWeLJTa300gbMjnTOVGiBce5XN45:oWZEvJEPLJG3ngynTa+W
Static task: static1
Malware Config
- Extracted: redline
  down
  193.233.20.31:4125
  auth_value: 12c31a90c72f5efae8c053a0bd339381
- Extracted: redline
  roxi
  193.233.20.31:4125
  auth_value: 9d8be78c896acc3cf8b8a6637a221376
- Extracted: amadey
  3.68
  31.41.244.200/games/category/index.php
Targets
- Target: ff6972f1ae664a60b36d5dba82971cb34fc84f462675dbc71fbb8b40b3ed1178
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.