General
- Target: 0af8fcf7aaa6e4db1b669afdcb3802574a14f03f7572e05c660c8ed2562dd6fe
- Size: 318KB
- Sample: 210919-z6ra4scec5
- MD5: b78f6c53f3234366738a08ff7764526e
- SHA1: 414d3059abee67337ad9f48812e6fbfff9ca9e63
- SHA256: 0af8fcf7aaa6e4db1b669afdcb3802574a14f03f7572e05c660c8ed2562dd6fe
- SHA512: ff5382567af99120ef094887271a75c69e5d3c4fb3c55d3331c1a6bbf92da5c92355b545d7562f0effb159f960f704a25b7175a29b42a91f01186b8f20981876
Static task: static1

Malware Config
- Extracted: redline
- UDP: 45.9.20.20:13441
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.