General
Target: 5f162819ee3922b6b6d9dd4fa095d15e4065f040bd314e7ec73081ae34be337d
Size: 1008KB
Sample: 230324-lnktqadd68
MD5: ac7e43d6b87575c2f74709c97ff8a1b1
SHA1: 10a5c55205e89865a16e76a82d7eff0eb96365ad
SHA256: 5f162819ee3922b6b6d9dd4fa095d15e4065f040bd314e7ec73081ae34be337d
SHA512: 923c4781126b8d911cd51988812d726a9b33d9011304d810ac1fd91cf39ee7008d229be6dec6213621cb976bb7a3d7663226331299b19f8a91dd9b5f524bcf97
SSDEEP: 24576:7ykrwqW/Fz/FwtyCQYZ/sQZnb+E0aVbYM79bLKY9iau2:ukr9W/Fz/O4K/sQZnbdrB79n

Static task: static1
Malware Config

Extracted: redline
down
193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381

Extracted: redline
roxi
193.233.20.31:4125
auth_value: 9d8be78c896acc3cf8b8a6637a221376

Extracted: amadey
3.68
31.41.244.200/games/category/index.php
Targets
Target: 5f162819ee3922b6b6d9dd4fa095d15e4065f040bd314e7ec73081ae34be337d
Size: 1008KB
MD5: ac7e43d6b87575c2f74709c97ff8a1b1
SHA1: 10a5c55205e89865a16e76a82d7eff0eb96365ad
SHA256: 5f162819ee3922b6b6d9dd4fa095d15e4065f040bd314e7ec73081ae34be337d
SHA512: 923c4781126b8d911cd51988812d726a9b33d9011304d810ac1fd91cf39ee7008d229be6dec6213621cb976bb7a3d7663226331299b19f8a91dd9b5f524bcf97
SSDEEP: 24576:7ykrwqW/Fz/FwtyCQYZ/sQZnb+E0aVbYM79bLKY9iau2:ukr9W/Fz/O4K/sQZnbdrB79n

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.