General

Target: adbcdefd826fde388b41c49f9d6fe170cf1d6513bc9fd04b668d1ad56cff22cd
Size: 1007KB
Sample: 230324-lk7t3sfe71
MD5: 107f162599a141933daba65939444b7d
SHA1: 00b196e7340f42c06ee17b7b2a56898e437cef2c
SHA256: adbcdefd826fde388b41c49f9d6fe170cf1d6513bc9fd04b668d1ad56cff22cd
SHA512: f63dfed3693f301c63771da7e709a0810183b8af18472e00203e827e5e7bfa3a99f2dc8bb4683cea2a16615d3a430b8113e5e9f31fca9e8a8c76ba7f83ee5c8d
SSDEEP: 24576:Cy0Smosr+sfX3H8ZtHAgbMhN6cXdn5GjE7:p0Co+nTHVYN6Ix
Static task: static1

Malware Config

Extracted: redline
  Botnet: down
  C2: 193.233.20.31:4125
  auth_value: 12c31a90c72f5efae8c053a0bd339381

Extracted: redline
  Botnet: roxi
  C2: 193.233.20.31:4125
  auth_value: 9d8be78c896acc3cf8b8a6637a221376

Extracted: amadey
  Version: 3.68
  C2: 31.41.244.200/games/category/index.php

Both RedLine configurations point at the same C2 endpoint and differ only in botnet tag and auth_value, so a single network indicator (193.233.20.31:4125) covers both; the Amadey C2 is an HTTP path on a separate host.
Targets

Target: adbcdefd826fde388b41c49f9d6fe170cf1d6513bc9fd04b668d1ad56cff22cd
Size: 1007KB
MD5: 107f162599a141933daba65939444b7d
SHA1: 00b196e7340f42c06ee17b7b2a56898e437cef2c
SHA256: adbcdefd826fde388b41c49f9d6fe170cf1d6513bc9fd04b668d1ad56cff22cd
SHA512: f63dfed3693f301c63771da7e709a0810183b8af18472e00203e827e5e7bfa3a99f2dc8bb4683cea2a16615d3a430b8113e5e9f31fca9e8a8c76ba7f83ee5c8d
SSDEEP: 24576:Cy0Smosr+sfX3H8ZtHAgbMhN6cXdn5GjE7:p0Co+nTHVYN6Ix
Signatures

RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
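Added example, not part of the sandbox report: a small Python triage script that turns the indicators in this report (sample SHA256, RedLine C2 193.233.20.31:4125, Amadey C2 path on 31.41.244.200) and the listed behaviours (dropped EXE execution, Run-key persistence, Uninstall-key enumeration) into rules run over endpoint telemetry. The telemetry lines, their JSON field names (type, pid, ppid, image, sha256, op, target, dst_ip, dst_port, http_host, http_uri) and the process IDs are constructed assumptions loosely modelled on Sysmon/EDR schemas, not data from the report. The registry QueryValue events assume registry read auditing or a sandbox API trace, since ordinary endpoint telemetry rarely records registry reads; the behavioural rules are scoped to the sample's process tree because Run-key writes and Uninstall-key reads are also common benign activity.

```python
import json
import re

# Indicators copied from the sandbox report above.
SAMPLE_SHA256 = "adbcdefd826fde388b41c49f9d6fe170cf1d6513bc9fd04b668d1ad56cff22cd"
REDLINE_C2 = ("193.233.20.31", 4125)
AMADEY_C2_HOST = "31.41.244.200"
AMADEY_C2_PATH = "/games/category/index.php"

# Registry locations behind two of the listed behaviours.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
UNINSTALL_KEY_RE = re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.IGNORECASE)
# User-writable locations where a first stage typically drops its next stage.
DROP_DIR_RE = re.compile(r"\\AppData\\(Local|Roaming)\\|\\Temp\\", re.IGNORECASE)

# Constructed telemetry (assumption, not from the report): one JSON object per line.
# pid 4120 is the sample, pid 5010 its dropped child, pid 900 an unrelated benign process.
TELEMETRY = r"""
{"type":"process","pid":4120,"ppid":1200,"image":"C:\\Users\\u\\Downloads\\setup.exe","sha256":"adbcdefd826fde388b41c49f9d6fe170cf1d6513bc9fd04b668d1ad56cff22cd"}
{"type":"registry","pid":4120,"op":"SetValue","target":"HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater","details":"C:\\Users\\u\\AppData\\Local\\Temp\\svc.exe"}
{"type":"process","pid":5010,"ppid":4120,"image":"C:\\Users\\u\\AppData\\Local\\Temp\\svc.exe","sha256":"0000000000000000000000000000000000000000000000000000000000000000"}
{"type":"network","pid":4120,"proto":"tcp","dst_ip":"193.233.20.31","dst_port":4125}
{"type":"network","pid":5010,"proto":"tcp","dst_ip":"31.41.244.200","dst_port":80,"http_host":"31.41.244.200","http_uri":"/games/category/index.php"}
{"type":"registry","pid":4120,"op":"QueryValue","target":"HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\SomeApp\\DisplayName"}
{"type":"registry","pid":900,"op":"QueryValue","target":"HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\SomeApp\\DisplayName"}
{"type":"network","pid":900,"proto":"udp","dst_ip":"10.0.0.53","dst_port":53}
"""


def parse_events(text):
    """Decode one JSON event per non-empty line."""
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def sample_process_tree(events):
    """Return the pids of the sample itself and every process descending from it.

    Process-creation events arrive in creation order, so a parent is always seen
    before its children and a single pass is enough.
    """
    tree = set()
    for ev in events:
        if ev["type"] != "process":
            continue
        if ev["sha256"].lower() == SAMPLE_SHA256 or ev["ppid"] in tree:
            tree.add(ev["pid"])
    return tree


def hunt(text):
    """Apply the report's indicators and behaviours to telemetry; return (rule, pid) hits."""
    events = parse_events(text)
    tree = sample_process_tree(events)
    hits = []
    for ev in events:
        kind, pid = ev["type"], ev["pid"]
        if kind == "process":
            if ev["sha256"].lower() == SAMPLE_SHA256:
                hits.append(("sample_executed", pid))
            elif pid in tree and DROP_DIR_RE.search(ev["image"]):
                # "Executes dropped EXE": a child of the sample started from a drop directory.
                hits.append(("dropped_exe_executed", pid))
        elif kind == "network":
            # Hard C2 indicators fire regardless of which process produced the traffic.
            if (ev["dst_ip"], ev["dst_port"]) == REDLINE_C2:
                hits.append(("redline_c2", pid))
            if ev.get("http_host") == AMADEY_C2_HOST and ev.get("http_uri") == AMADEY_C2_PATH:
                hits.append(("amadey_c2", pid))
        elif kind == "registry" and pid in tree:
            # Behavioural rules are scoped to the sample's tree to avoid benign noise.
            if ev["op"] == "SetValue" and RUN_KEY_RE.search(ev["target"]):
                hits.append(("run_key_persistence", pid))
            elif ev["op"] == "QueryValue" and UNINSTALL_KEY_RE.search(ev["target"]):
                hits.append(("installed_software_enum", pid))
    return hits


if __name__ == "__main__":
    for rule, pid in hunt(TELEMETRY):
        print(f"{rule:<26} pid={pid}")
```

On the constructed input the script reports six hits, all on pids 4120 and 5010; the benign process 900 reads the same Uninstall key but is not flagged because it is outside the sample's tree. In production the C2 rules would be fed from the Malware Config section and the behavioural rules from the Signatures section, with the tree built from the hash of the blocked or quarantined file rather than a hard-coded constant.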