General
-
Target
3af4f4b374c4ed0d270af76ad014b635b8fa8d2d7153bda2929e7430e12345db
-
Size
303KB
-
Sample
210926-q5fcsaehe9
-
MD5
123dcf57693b77333b6ab024748635ed
-
SHA1
f787f17c7aa6fc00c6dc0f337f7ac7fd65a2c2a3
-
SHA256
3af4f4b374c4ed0d270af76ad014b635b8fa8d2d7153bda2929e7430e12345db
-
SHA512
156fa81be47dd1f03bddb03a779d6679b11439581adaeca9fffcf6e314b2f8d680646935589227ea7eb055ea1f9e8f14b5cfb9f735d2fecd76f8e52c945b5a55
Static task
static1
Malware Config
Extracted
redline
UDP
45.9.20.20:13441
Targets
-
-
Target
3af4f4b374c4ed0d270af76ad014b635b8fa8d2d7153bda2929e7430e12345db
-
Size
303KB
-
MD5
123dcf57693b77333b6ab024748635ed
-
SHA1
f787f17c7aa6fc00c6dc0f337f7ac7fd65a2c2a3
-
SHA256
3af4f4b374c4ed0d270af76ad014b635b8fa8d2d7153bda2929e7430e12345db
-
SHA512
156fa81be47dd1f03bddb03a779d6679b11439581adaeca9fffcf6e314b2f8d680646935589227ea7eb055ea1f9e8f14b5cfb9f735d2fecd76f8e52c945b5a55
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-