General
- Target: fd40ea862decbd77bfc82ab2a3eca4fa3ba190fe264ef91fc751dfa147895275
- Size: 1010KB
- Sample: 230324-mpgdcsfg81
- MD5: 171c48547d8ad2e4b7c6f7e98c6a5e41
- SHA1: 5a54300c2b316df64c1627ce5b8cec9156d46426
- SHA256: fd40ea862decbd77bfc82ab2a3eca4fa3ba190fe264ef91fc751dfa147895275
- SHA512: 4f91524ce4afe8741d5e342122bd73979c22120a6211fd8b1307f4bfab1d06dd10b4918a51dd361ee2dc481acc97103cb5d58b5b3dee69b430139868d9be40fb
- SSDEEP: 24576:9yNFIsutXwqsbYLBmZkEDXby+N99ug8Z:YNFdFqsbY1CNrlN99uX
Static task
- static1

Malware Config
Extracted: redline
- down
- 193.233.20.31:4125
- auth_value: 12c31a90c72f5efae8c053a0bd339381

Extracted: redline
- roxi
- 193.233.20.31:4125
- auth_value: 9d8be78c896acc3cf8b8a6637a221376

Extracted: amadey
- 3.68
- 31.41.244.200/games/category/index.php
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.