General
Target: 76bf1c525d45b513f0ce962f98f50ca2edab18070e439fba69ad16cf56edad61
Size: 250KB
Sample: 210926-ns69maeffj
MD5: dc41b0ace2361e52f64d6711bb82dea8
SHA1: f363aba38a3c8766cd82cbf8e1381588073533a1
SHA256: 76bf1c525d45b513f0ce962f98f50ca2edab18070e439fba69ad16cf56edad61
SHA512: 3296e9cd8f08afdc93a34097cbad8b862381b5d4c93483d1afd03330fe71f6cd8b1471f2b186e479c7e2ea281a261eeab66a3a6a0490abbdcdbcf0bb6f58007c
Static task: static1
Malware Config
Extracted family: redline
UDP: 45.9.20.20:13441
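The C2 above is what the sandbox's extractor recovered from the sample's embedded configuration. The following is an added example, not code from this report or from the sandbox, showing how such a string is decoded and validated. It assumes the commonly documented RedLine string scheme (Base64, then XOR with the key string cycled over the data, then Base64 again); older builds differ, so a failed inner decode means the scheme is not this one. The key "Nowhere" and the encrypted blob are constructed here by encrypting the report's C2 string; they were not extracted from this sample.

```python
import base64

def xor_cycle(data: bytes, key: bytes) -> bytes:
    """XOR each byte of data with the key, repeating the key as needed."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def redline_decrypt(blob: str, key: str) -> str:
    """Assumed RedLine scheme: Base64 -> XOR with key -> Base64 -> UTF-8 text.
    Raises binascii.Error or UnicodeDecodeError if the scheme or key is wrong."""
    inner = xor_cycle(base64.b64decode(blob), key.encode("utf-8"))
    return base64.b64decode(inner).decode("utf-8")

def redline_encrypt(plain: str, key: str) -> str:
    """Inverse of redline_decrypt, used only to build the constructed sample below."""
    inner = base64.b64encode(plain.encode("utf-8"))
    return base64.b64encode(xor_cycle(inner, key.encode("utf-8"))).decode("ascii")

def parse_c2_list(field: str):
    """Split a decoded C2 field into (host, port) pairs.
    Assumption: several endpoints may be listed separated by '|'.
    Rejects entries with no host or an out-of-range/non-numeric port so a bad
    key or wrong scheme does not silently yield garbage indicators."""
    endpoints = []
    for item in field.split("|"):
        item = item.strip()
        if not item:
            continue
        host, _, port = item.rpartition(":")
        if not host or not port.isdigit() or not 0 < int(port) < 65536:
            raise ValueError(f"malformed C2 entry: {item!r}")
        endpoints.append((host, int(port)))
    return endpoints

def extract_config(ip_blob: str, id_blob: str, key: str) -> dict:
    """Decode the two fields an analyst usually wants: C2 list and botnet/campaign ID."""
    return {
        "c2": parse_c2_list(redline_decrypt(ip_blob, key)),
        "botnet": redline_decrypt(id_blob, key),
    }

# Constructed sample (hypothetical key; blob built from the C2 string in this report).
SAMPLE_KEY = "Nowhere"
SAMPLE_IP_BLOB = redline_encrypt("45.9.20.20:13441", SAMPLE_KEY)
SAMPLE_ID_BLOB = redline_encrypt("example-campaign", SAMPLE_KEY)

if __name__ == "__main__":
    print(extract_config(SAMPLE_IP_BLOB, SAMPLE_ID_BLOB, SAMPLE_KEY))
```

When applying this to a real binary, the key and the blobs come from the sample's own string fields; the validation in parse_c2_list is what tells you the key was right rather than merely producing printable bytes.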
Targets
Target: 76bf1c525d45b513f0ce962f98f50ca2edab18070e439fba69ad16cf56edad61 (hashes as listed under General)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
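To see exactly what an Uninstall-key walk yields on a given host (useful both for understanding what the stealer reports home and for baselining a machine), here is an added example, not code from this report or from the RedLine family. It reads the three Uninstall keys Windows populates (native HKLM, the WOW6432Node view for 32-bit software, and the per-user HKCU key) and keeps only the entries that Programs and Features would show: those with a DisplayName and not flagged SystemComponent=1. The filtering helper is pure and testable off Windows; the registry walk itself only runs on win32 and returns an empty list elsewhere. The sample value dictionaries in the comments are constructed.

```python
import sys

# The keys a software inventory (or a stealer) walks. Hive name, then subkey path.
UNINSTALL_KEYS = (
    ("HKLM", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    ("HKLM", r"SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"),
    ("HKCU", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
)

def normalize_entry(subkey_path: str, values: dict):
    """values maps value name -> data for one Uninstall subkey, e.g. (constructed)
    {"DisplayName": "Example App", "DisplayVersion": "1.2", "Publisher": "Example Corp"}.
    Returns a flat record, or None for entries Programs and Features hides:
    no DisplayName, or SystemComponent DWORD set to 1."""
    name = values.get("DisplayName")
    if name is None or not str(name).strip():
        return None
    if values.get("SystemComponent") == 1:
        return None
    return {
        "key": subkey_path,
        "name": str(name).strip(),
        "version": str(values.get("DisplayVersion", "")),
        "publisher": str(values.get("Publisher", "")),
    }

def enumerate_installed_software():
    """Walk all Uninstall keys and return the visible entries. Windows only."""
    if sys.platform != "win32":
        return []
    import winreg  # standard library, available only on Windows
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    found = []
    for hive_name, path in UNINSTALL_KEYS:
        try:
            root = winreg.OpenKey(hives[hive_name], path)
        except OSError:
            continue  # key absent (e.g. no WOW6432Node on 32-bit Windows)
        with root:
            index = 0
            while True:
                try:
                    sub = winreg.EnumKey(root, index)
                except OSError:
                    break  # no more subkeys
                index += 1
                values = {}
                try:
                    with winreg.OpenKey(root, sub) as k:
                        j = 0
                        while True:
                            try:
                                name, data, _ = winreg.EnumValue(k, j)
                            except OSError:
                                break  # no more values
                            values[name] = data
                            j += 1
                except OSError:
                    continue  # unreadable subkey; skip rather than abort the walk
                entry = normalize_entry(f"{hive_name}\\{path}\\{sub}", values)
                if entry:
                    found.append(entry)
    return found

if __name__ == "__main__":
    for e in enumerate_installed_software():
        print(f'{e["name"]}\t{e["version"]}\t{e["publisher"]}')
```

Run it once on a clean image and once on a suspect host; the diff of the two inventories is the same data a stealer's "installed software" field exposes, which makes it a quick way to judge what an attacker learned from a given infection.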