General
- Target: 83754c3f00b5d49504dcb880a31b366e29313d3c2e007788a400c1438a8a6edc
- Size: 1008KB
- Sample: 230324-mg1r2adf65
- MD5: c1b6c297c983341221365c49d3485a37
- SHA1: 57f94f889c0795ea33a7e6dbb475a305790f56e5
- SHA256: 83754c3f00b5d49504dcb880a31b366e29313d3c2e007788a400c1438a8a6edc
- SHA512: 253322a2f5d503197cf04f93c179a2b20300c3702da5887aa5df5c373950a85bac48975fbbf567f8d93d7a7744663dbd7e96d710da6b7ee47701279f918a3b41
- SSDEEP: 24576:wym81+GcJSNgM1WMrRucXbY4owgxQqUX1I:3p+GcagoWM9TrJowgDU
Static task: static1

Malware Config

Extracted: redline
- Botnet: down
- C2: 193.233.20.31:4125
- auth_value: 12c31a90c72f5efae8c053a0bd339381

Extracted: redline
- Botnet: roxi
- C2: 193.233.20.31:4125
- auth_value: 9d8be78c896acc3cf8b8a6637a221376

Extracted: amadey
- Version: 3.68
- C2: 31.41.244.200/games/category/index.php
Targets
- Target: 83754c3f00b5d49504dcb880a31b366e29313d3c2e007788a400c1438a8a6edc (the submitted file; size, MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely used as a geofence.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
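The indicators in this report (the RedLine C2 shared by the "down" and "roxi" botnets, their auth_values, the Amadey 3.68 C2 URL, the sample hashes) and the Run-key persistence behaviour can be turned into a small hunt over endpoint telemetry. The following is an added example, not part of the sandbox report or of any vendor's tooling: the events and proxy lines are constructed, and the field names (event_id, dst_ip, dst_port, target_object, hashes) are an assumed flattened form of Sysmon event IDs 1, 3 and 13. The two registry lookups the report lists (country code, Uninstall key) are reads, which Sysmon does not record, so they are deliberately not matched here.

```python
"""
Hunt for this report's indicators in endpoint telemetry.
Added example, not part of the sandbox report: events, proxy lines and
field names below are constructed to illustrate the matching logic.
"""
import re

# --- Indicators copied from the report --------------------------------------
REDLINE_C2 = ("193.233.20.31", 4125)          # shared by botnets "down" and "roxi"
REDLINE_AUTH_VALUES = {                       # per-botnet auth tokens; useful for
    "12c31a90c72f5efae8c053a0bd339381",       # clustering samples, not matched on
    "9d8be78c896acc3cf8b8a6637a221376",       # the network by this event-level code
}
AMADEY_C2_URL = "31.41.244.200/games/category/index.php"   # Amadey 3.68, no scheme in config
SAMPLE_HASHES = {
    "MD5": "c1b6c297c983341221365c49d3485a37",
    "SHA1": "57f94f889c0795ea33a7e6dbb475a305790f56e5",
    "SHA256": "83754c3f00b5d49504dcb880a31b366e29313d3c2e007788a400c1438a8a6edc",
}

# A value written under ...\CurrentVersion\Run or RunOnce (autostart persistence).
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)


def amadey_host_path(url=AMADEY_C2_URL):
    """Split the scheme-less config URL into (host, path)."""
    host, _, path = url.partition("/")
    return host, "/" + path


def parse_sysmon_hashes(field):
    """Sysmon 'Hashes' field 'MD5=..,SHA256=..,IMPHASH=..' -> {ALGO: lowercase hex}."""
    out = {}
    for part in field.split(","):
        algo, _, value = part.partition("=")
        if algo and value:
            out[algo.strip().upper()] = value.strip().lower()
    return out


def check_event(ev):
    """Return the rule names a flattened Sysmon-style event matches (assumed field names)."""
    hits = []
    eid = ev.get("event_id")
    if eid == 1:  # process creation: is the sample itself being run?
        hashes = parse_sysmon_hashes(ev.get("hashes", ""))
        if any(hashes.get(algo) == value for algo, value in SAMPLE_HASHES.items()):
            hits.append("sample_hash_executed")
    elif eid == 3:  # network connection
        if (ev.get("dst_ip"), ev.get("dst_port")) == REDLINE_C2:
            hits.append("redline_c2_connect")
        if ev.get("dst_ip") == amadey_host_path()[0]:
            hits.append("amadey_c2_host_connect")  # host only; the URL needs proxy/HTTP logs
    elif eid == 13:  # registry value set
        if RUN_KEY_RE.search(ev.get("target_object", "")):
            hits.append("run_key_persistence")
    return hits


def check_proxy_line(line):
    """Match the Amadey panel URL in a 'METHOD URL STATUS' proxy log line."""
    host, path = amadey_host_path()
    m = re.search(r"https?://([^/\s]+)(/\S*)", line)
    if m and m.group(1) == host and m.group(2).split("?", 1)[0] == path:
        return "amadey_c2_url"
    return None


def triage(events, proxy_lines):
    """Return [(rule, index)] over the event list and then the proxy lines."""
    findings = [(rule, i) for i, ev in enumerate(events) for rule in check_event(ev)]
    for i, line in enumerate(proxy_lines):
        rule = check_proxy_line(line)
        if rule:
            findings.append((rule, i))
    return findings


# --- Constructed telemetry (not sandbox output) ------------------------------
EVENTS = [
    {"event_id": 1, "image": r"C:\Users\user\Desktop\file.exe",
     "hashes": "MD5=C1B6C297C983341221365C49D3485A37,"
               "SHA256=83754C3F00B5D49504DCB880A31B366E29313D3C2E007788A400C1438A8A6EDC"},
    {"event_id": 3, "image": r"C:\Users\user\Desktop\file.exe",
     "dst_ip": "193.233.20.31", "dst_port": 4125},
    {"event_id": 3, "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "dst_ip": "193.233.20.31", "dst_port": 443},   # same host, other port: not matched
    {"event_id": 13, "image": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
     "target_object": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "details": r"C:\Users\user\AppData\Local\Temp\dropped.exe"},
    {"event_id": 3, "image": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
     "dst_ip": "31.41.244.200", "dst_port": 80},
]
PROXY_LINES = [
    "POST http://31.41.244.200/games/category/index.php 200",
    "GET http://example.com/index.php 200",
]

if __name__ == "__main__":
    for rule, idx in triage(EVENTS, PROXY_LINES):
        print(f"{rule:24s} #{idx}")
```

The RedLine rule is deliberately port-exact (193.233.20.31:4125), so the constructed browser connection to the same host on 443 is not flagged; a host-level rule would raise recall at the cost of false positives if the address is shared hosting. The Amadey config gives a URL, so the full path is only checked where HTTP request logs exist (the proxy line), while the endpoint network event can only confirm the host.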