General
Target: e2f0dbcf43bb2886bf9d5aa81cdc281184145098044000884e37be8f9f4e1ade
Size: 1010KB
Sample: 230324-nkz6caga7w
MD5: 92a0341430cb2b11c84bf2376859badf
SHA1: 005935ed26864ea661edd9e9138e828c93ff099d
SHA256: e2f0dbcf43bb2886bf9d5aa81cdc281184145098044000884e37be8f9f4e1ade
SHA512: c1361e2a8a3b8cb8def2fbef34732122f74e29d4aed5ba7ef8e7bf33531cb475d93e8c8662d85eb81e839228049d04a7ae3b10e7869e65e2e6fb322c1c8152d9
SSDEEP: 12288:6Mrfy902LiDCo8+f7yms8n3A2EM7fCFO5IXFcpeQtvMziJJCs7DCwGcgssHW66bU:ty0Wo8+tpEYfC+YQtqwGcc2v/GI4z1R
Static task: static1

Malware Config

Extracted: redline
Botnet: down
C2: 193.233.20.31:4125
auth_value: 12c31a90c72f5efae8c053a0bd339381

Extracted: redline
Botnet: volya
C2: 193.233.20.31:4125
auth_value: 0efc9f002a9fbeec5f8b8338141d546a

Extracted: amadey
Version: 3.68
C2: 31.41.244.200/games/category/index.php
Targets

Target: e2f0dbcf43bb2886bf9d5aa81cdc281184145098044000884e37be8f9f4e1ade (size and hashes as listed under General above)
Family: RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.