General
- Target: fbc9319b5207acc6875d5ac815e9d369d60936d38bde1b16bdebb0f007c739ce
- Size: 318KB
- Sample: 210920-fmzctsfedq
- MD5: 3c8b6cca9ee10cfec26c5c316789e4d8
- SHA1: 25c92281641eb032e37d71b7d254f7841a00cb62
- SHA256: fbc9319b5207acc6875d5ac815e9d369d60936d38bde1b16bdebb0f007c739ce
- SHA512: 705511fa90ee0865cbc620679854795942684bf4996a3bd6b06989d51f214310fc146127c6de8fd3d0ab716faa819920b0c9e4d72c2566f5be810d684551caa3

Static task
- static1

Malware Config
Extracted
- redline
- UDP 45.9.20.20:13441
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.