General
Target: 26417e2af5a11de6cb01d0bbecdf83e3aaf593e564e5f28f4dbcf9fa7b758164
Size: 587KB
Sample: 210817-l7nshkssan
MD5: ddba582adb5de564cc6754305cf6c7d5
SHA1: c6fb0149eca522f10675f3e97028f2720e942660
SHA256: 26417e2af5a11de6cb01d0bbecdf83e3aaf593e564e5f28f4dbcf9fa7b758164
SHA512: e7051e2720454ec9cf4fc0d2517125ae67e5609bb8fdd1c9b3c7231d84806ecd2ab163bdd15f19f49aeaadd794df7d806cf709c1de5b716298463d2f86e5008d
Static task: static1

Malware Config
Extracted
Family: redline
Botnet: dibild
C2: 135.148.139.222:33569
Targets

Target: 26417e2af5a11de6cb01d0bbecdf83e3aaf593e564e5f28f4dbcf9fa7b758164
Size: 587KB
MD5: ddba582adb5de564cc6754305cf6c7d5
SHA1: c6fb0149eca522f10675f3e97028f2720e942660
SHA256: 26417e2af5a11de6cb01d0bbecdf83e3aaf593e564e5f28f4dbcf9fa7b758164
SHA512: e7051e2720454ec9cf4fc0d2517125ae67e5609bb8fdd1c9b3c7231d84806ecd2ab163bdd15f19f49aeaadd794df7d806cf709c1de5b716298463d2f86e5008d
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine Payload
The sample was identified as a RedLine payload; the family configuration (botnet and C2) is the one listed under Malware Config above.

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and the per-user equivalent under HKCU) to enumerate software on the system. These are registry reads, which Sysmon's registry events (12/13/14) do not record, so this behaviour shows up in sandbox or API-monitoring telemetry rather than in standard registry-modification logs.

Suspicious use of SetThreadContext
Calling SetThreadContext on a thread of another process is the step that typically completes process hollowing (create a process suspended, overwrite its image with the payload, point the main thread at the new entry point, resume). The hollowed target process is not identified in this report.
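The indicators extracted above (the C2 socket and the sample hashes) are what a responder would sweep for first. The following is an added example, not part of the sandbox report: a Python script that matches those indicators against constructed firewall and file-inventory lines. The log formats, host names and the IP-to-host mapping are assumptions for illustration; the C2 address, port and SHA256 are copied from the report.

```python
"""Match the indicators extracted in this report against sample telemetry.
Added example, not part of the sandbox report; the log formats used here are
assumptions, not any real product's format."""
import re

# Indicators copied from the report.
C2_HOST, C2_PORT = "135.148.139.222", 33569
SAMPLE_SHA256 = "26417e2af5a11de6cb01d0bbecdf83e3aaf593e564e5f28f4dbcf9fa7b758164"

# Constructed firewall lines in a hypothetical "timestamp src dst:port action" format.
SAMPLE_NETLOG = """\
2021-08-17T10:01:02Z 10.0.0.15 142.250.74.78:443 ALLOW
2021-08-17T10:01:09Z 10.0.0.15 135.148.139.222:33569 ALLOW
2021-08-17T10:02:44Z 10.0.0.23 135.148.139.222:443 ALLOW
2021-08-17T10:03:01Z 10.0.0.15 135.148.139.222:33569 DENY
"""

# Constructed file-inventory lines in a hypothetical "host path sha256" format.
# The first digest is upper-case on purpose: tools disagree on hex case.
SAMPLE_FILES = """\
WS-015 C:\\Users\\a\\Downloads\\setup.exe 26417E2AF5A11DE6CB01D0BBECDF83E3AAF593E564E5F28F4DBCF9FA7B758164
WS-023 C:\\Windows\\System32\\notepad.exe 0000000000000000000000000000000000000000000000000000000000000000
"""

NETLOG_RE = re.compile(r"^(\S+) (\S+) (\S+):(\d+) (\S+)$")


def c2_hits(netlog):
    """Return (exact, same_host): connections to the configured C2 socket, and
    connections to the C2 host on other ports. A denied connection still counts
    as a hit: the client attempted the beacon, which is the infection indicator.
    Same-host/other-port traffic is kept apart because a shared server is
    weaker evidence than the exact configured port."""
    exact, same_host = [], []
    for line in netlog.splitlines():
        m = NETLOG_RE.match(line)
        if not m:
            continue
        ts, src, dst, port, action = m.groups()
        if dst != C2_HOST:
            continue
        hit = (ts, src, int(port), action)
        (exact if int(port) == C2_PORT else same_host).append(hit)
    return exact, same_host


def hash_hits(inventory):
    """Return (host, path) for every inventory entry whose SHA256 matches the
    sample, comparing case-insensitively."""
    hits = []
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, rest = line.split(" ", 1)
        path, digest = rest.rsplit(" ", 1)  # path may contain spaces
        if digest.lower() == SAMPLE_SHA256:
            hits.append((host, path))
    return hits


def infected_hosts(netlog, inventory, host_by_ip):
    """Correlate both sources into one sorted list of host names. host_by_ip is
    an (assumed) IP-to-hostname mapping for the firewall side; unknown IPs are
    reported as-is rather than dropped."""
    exact, _ = c2_hits(netlog)
    hosts = {host_by_ip.get(src, src) for _, src, _, _ in exact}
    hosts.update(host for host, _ in hash_hits(inventory))
    return sorted(hosts)


if __name__ == "__main__":
    mapping = {"10.0.0.15": "WS-015", "10.0.0.23": "WS-023"}
    print(infected_hosts(SAMPLE_NETLOG, SAMPLE_FILES, mapping))
```

On the constructed input only WS-015 is flagged: it both beaconed to the exact C2 socket and carries the sample on disk. WS-023 talked to the same IP on port 443 and is returned separately for triage rather than treated as an infection, since the report only supports the specific host:port pair as a RedLine indicator.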