General

Target: f36c0d77999f5a8b00f9933a6a77eb3148fef4aeb3b4eae8053b9255b1437b98
Size: 1009KB
Sample: 230324-lp2tmadd76
MD5: e076e02021720c6ef53bfff02ade06c5
SHA1: a0296b2f89eabbfc3a2677d70eb14b8e80afee27
SHA256: f36c0d77999f5a8b00f9933a6a77eb3148fef4aeb3b4eae8053b9255b1437b98
SHA512: a8d55b738d6755e7118ee13ebb5e97bf8f46e82aff22b209ee5e1fd8b307ad54decdce548c95978139d31ed670ece522ac5827aee5411c5948d23d2e508ef4fe
SSDEEP: 24576:yyMt+6yhBoXd5pc+8E3X4QUDPHcMt5kBhdCbYeRfTrWhkUeEt:ZMUqt5pc+Nn4QUbHVPkwjRfTKCUe
Static task: static1
Malware Config

Extracted family: redline
Botnet: down
C2: 193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381

Extracted family: redline
Botnet: roxi
C2: 193.233.20.31:4125
auth_value: 9d8be78c896acc3cf8b8a6637a221376

Extracted family: amadey
Version: 3.68
C2: 31.41.244.200/games/category/index.php
Targets

Target: f36c0d77999f5a8b00f9933a6a77eb3148fef4aeb3b4eae8053b9255b1437b98
RedLine
    RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
    Looks up Uninstall key entries in the registry to enumerate software on the system.