General

Target: 872b1c4a0aa0dc9e2726a9e53bd8cce17f4cceb18e9fa64d7f7bd0cf7ccbae8b
Size: 1.0MB
Sample: 230328-pkwnlaah96
MD5: b851c8fa999044cd40432e3204951472
SHA1: b070f80a7a0f5dc33a23972293f142d6b0e4a78b
SHA256: 872b1c4a0aa0dc9e2726a9e53bd8cce17f4cceb18e9fa64d7f7bd0cf7ccbae8b
SHA512: 69d5eec2ceb458f268f789df095a37ece306ec3db6c547470b9e0127e61cd5deae9474d502b2c817de4b58b7ad0bc29f7338a803d49fa4a4276aa60e58a6045c
SSDEEP: 24576:KyP++cMdpA7IJz+eSV0bYArMB3n2aPXQmGmp39BnVpc73H+:RP1cm3JzQ0bprMljPxGi673H

Static task: static1
Malware Config

Extracted: redline
- rosn
- 176.113.115.145:4125
- auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted: redline
- luza
- 176.113.115.145:4125
- auth_value: 1261701914d508e02e8b4f25d38bc7f9

Extracted: amadey
- 3.68
- 31.41.244.200/games/category/index.php
Targets

Target: 872b1c4a0aa0dc9e2726a9e53bd8cce17f4cceb18e9fa64d7f7bd0cf7ccbae8b
Size: 1.0MB
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.