General
Target: 06d66708ead10b54659f09b7a05806443fd5afdc7d3e07d04306024b9202bfbe
Size: 1.0MB
Sample: 230328-j5jxmsbe8y
MD5: 9225ef4e967531ce3da08705bc7adf53
SHA1: 117da5bb9bb0993cb2c294b3b84cf2b57760abeb
SHA256: 06d66708ead10b54659f09b7a05806443fd5afdc7d3e07d04306024b9202bfbe
SHA512: 25f9a302f62f7adf23cd70041abd536fe08780922154f5b0bc3b20d8739b3f513e795b28158c799852e2610b813d595f2df65c5cbab468f588dbfc91fdde77b0
SSDEEP: 24576:GyPkanJEMWXcJfs4wFqFVHP4BUmmLkgqOp5BF1D3:V8fsJfs7gF5QBMLx5j
Static task: static1
Malware Config
Extracted: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline
renta
176.113.115.145:4125
auth_value: 359596fd5b36e9925ade4d9a1846bafb
Extracted: amadey
3.68
31.41.244.200/games/category/index.php
Targets
Target: 06d66708ead10b54659f09b7a05806443fd5afdc7d3e07d04306024b9202bfbe
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.