General
Target: 2471c8a95b36fbc881437b51377ebd97cb8d2352f1a4caa63759068dea2cfbfd
Size: 250KB
Sample: 210926-qltfaseggn
MD5: a5ab256c4f1675dc76ffa136c0ca3549
SHA1: c84b22070fd0b14b5e932ac41e9be1c84496cea5
SHA256: 2471c8a95b36fbc881437b51377ebd97cb8d2352f1a4caa63759068dea2cfbfd
SHA512: 7c21963b0280f656c6c6f926b32b0d85c99042468f5a033ea2174e5d638249041e0ea795eecf6c8b17438d78011249a8c5ccb5f7041dcccfeede1c676a58e828
Static task
static1

Malware Config
Extracted config (family: redline)
UDP: 45.9.20.20:13441
The extractor labels this endpoint UDP; RedLine's C2 channel is a WCF net.tcp service, so network detections for this address should also match the TCP port rather than trusting the protocol label alone.
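The following is an added triage helper, not part of the sandbox report: it copies the report's four digests and the extracted C2 endpoint into constants, checks a local file against all four hashes at once (a lone MD5 match is not enough), and scans flow-log lines for connections to the C2 host. The flow-log line format and the sample records are constructed for illustration; the "medium" confidence for the same IP on another port is an assumption, since the report lists only one port.

```python
"""IOC triage helpers for the sample and C2 endpoint listed in this report.
Added example, not part of the sandbox report: the hash and C2 constants are
copied from the report; the flow-log lines are constructed for illustration."""
import hashlib
import re
from typing import Dict, List, Tuple

# Digests exactly as listed in the report (lower-case hex).
SAMPLE_HASHES = {
    "md5": "a5ab256c4f1675dc76ffa136c0ca3549",
    "sha1": "c84b22070fd0b14b5e932ac41e9be1c84496cea5",
    "sha256": "2471c8a95b36fbc881437b51377ebd97cb8d2352f1a4caa63759068dea2cfbfd",
    "sha512": "7c21963b0280f656c6c6f926b32b0d85c99042468f5a033ea2174e5d638249041e0ea795eecf6c8b17438d78011249a8c5ccb5f7041dcccfeede1c676a58e828",
}
# C2 endpoint from the extracted config.
C2_IP = "45.9.20.20"
C2_PORT = 13441


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Return all four digests so a file is compared on every one the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in SAMPLE_HASHES}


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Streamed variant of hash_bytes for files that should not be read whole."""
    hashers = {alg: hashlib.new(alg) for alg in SAMPLE_HASHES}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def is_reported_sample(digests: Dict[str, str]) -> bool:
    """True only when every digest matches the report (hex case-insensitive)."""
    return all(digests.get(alg, "").lower() == expected
               for alg, expected in SAMPLE_HASHES.items())


# Constructed flow-log line format (not any real product's format):
#   <timestamp> src=<ip>:<port> dst=<ip>:<port> proto=<tcp|udp>
FLOW_RE = re.compile(
    r"^(?P<ts>\S+)\s+src=(?P<sip>[\d.]+):(?P<sport>\d+)\s+"
    r"dst=(?P<dip>[\d.]+):(?P<dport>\d+)\s+proto=(?P<proto>\w+)"
)

SAMPLE_FLOWS = [  # constructed records; 203.0.113.10 is documentation space
    "2021-09-26T10:15:01Z src=10.0.0.5:49812 dst=45.9.20.20:13441 proto=tcp",
    "2021-09-26T10:15:03Z src=10.0.0.7:51022 dst=203.0.113.10:443 proto=tcp",
    "2021-09-26T10:16:40Z src=10.0.0.9:50333 dst=45.9.20.20:8080 proto=tcp",
    "not a flow line",
]


def find_c2_hits(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (timestamp, source ip, confidence) for flows toward the C2 host.
    Exact ip:port is 'high'; the same IP on another port is 'medium' (an
    assumption: the report lists one port, but operators reuse hosts).
    The proto field is deliberately not used as a filter: the report labels
    the endpoint UDP, while RedLine's WCF-based C2 is observed over TCP."""
    hits = []
    for line in lines:
        m = FLOW_RE.match(line)
        if not m or m["dip"] != C2_IP:
            continue
        confidence = "high" if int(m["dport"]) == C2_PORT else "medium"
        hits.append((m["ts"], m["sip"], confidence))
    return hits


if __name__ == "__main__":
    for ts, src, conf in find_c2_hits(SAMPLE_FLOWS):
        print(f"{ts} {src} -> {C2_IP} [{conf}]")
```

Run it on a real export by replacing SAMPLE_FLOWS with lines read from your flow or proxy log, and call hash_file on a quarantined file to confirm it is this exact sample before attributing the C2 traffic to it.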
Targets
Target: 2471c8a95b36fbc881437b51377ebd97cb8d2352f1a4caa63759068dea2cfbfd
Size: 250KB
MD5, SHA1, SHA256 and SHA512: identical to the values listed under General above (the analysed target is the submitted sample itself).
RedLine
RedLine Stealer is an information-stealing malware family written in C#, first seen in early 2020.
RedLine Payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node counterpart) to enumerate the software installed on the host.
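The following is an added detection sketch for the "checks installed software" behaviour above; it is not the sandbox's own signature logic. It runs over constructed, simplified Windows Security event 4663 records (registry object access) and flags any non-allow-listed process that reads several distinct Uninstall subkeys. Two practitioner caveats are built in: Sysmon's registry events (12/13/14) record creates, value sets and renames but not reads, so producing these events requires a SACL on the Uninstall key; and a single lookup is ordinary, so the rule counts distinct subkeys per process. The process allow-list and the threshold are assumptions to tune per environment.

```python
"""Detection sketch for the 'looks up Uninstall key entries' behaviour.
Added example, not the sandbox's signature logic. Events are constructed,
simplified Windows Security 4663 records; in production they require a SACL
on the Uninstall key, since Sysmon registry events do not record reads."""
import re
from collections import defaultdict
from typing import Dict, Iterable, List

# Registry access rights that indicate reading (values from winnt.h).
KEY_QUERY_VALUE = 0x0001
KEY_ENUMERATE_SUB_KEYS = 0x0008
READ_MASK = KEY_QUERY_VALUE | KEY_ENUMERATE_SUB_KEYS

# 4663 reports the native object path; match the 64-bit and WOW6432Node
# views, the key itself and any subkey beneath it.
UNINSTALL_RE = re.compile(
    r"^\\REGISTRY\\MACHINE\\SOFTWARE\\(?:WOW6432NODE\\)?MICROSOFT\\WINDOWS"
    r"\\CURRENTVERSION\\UNINSTALL(?:\\|$)",
    re.IGNORECASE,
)

# Assumed allow-list (placeholder, not from the report): processes that
# legitimately walk these keys; compare lower-cased.
ALLOWED_PROCESSES = {r"c:\windows\system32\msiexec.exe"}

Event = Dict[str, object]


def is_uninstall_read(ev: Event) -> bool:
    """True for a 4663 registry-key access under Uninstall with a read right."""
    if ev.get("EventID") != 4663 or ev.get("ObjectType") != "Key":
        return False
    if not UNINSTALL_RE.match(str(ev.get("ObjectName", ""))):
        return False
    try:
        mask = int(str(ev.get("AccessMask", "0x0")), 16)
    except ValueError:
        return False
    return bool(mask & READ_MASK)


def find_inventory_enumeration(events: Iterable[Event], min_keys: int = 3) -> Dict[str, int]:
    """Map process -> number of distinct Uninstall subkeys it read, keeping only
    non-allow-listed processes that touched at least min_keys entries."""
    seen = defaultdict(set)
    for ev in events:
        if not is_uninstall_read(ev):
            continue
        proc = str(ev.get("ProcessName", "")).lower()
        if proc in ALLOWED_PROCESSES:
            continue
        seen[proc].add(str(ev["ObjectName"]).lower())
    return {p: len(keys) for p, keys in seen.items() if len(keys) >= min_keys}


NATIVE = r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
WOW64 = r"\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"


def _ev(proc: str, key: str, mask: str, obj_type: str = "Key") -> Event:
    """Build one constructed 4663-style record."""
    return {"EventID": 4663, "ObjectType": obj_type, "ProcessName": proc,
            "ObjectName": key, "AccessMask": mask}


STEALER = r"C:\Users\victim\AppData\Local\Temp\update.exe"  # constructed path
SAMPLE_EVENTS: List[Event] = [  # constructed sample
    _ev(STEALER, NATIVE, "0x9"),                  # open parent: query + enumerate
    _ev(STEALER, NATIVE + r"\7-Zip", "0x1"),
    _ev(STEALER, NATIVE + r"\Google Chrome", "0x1"),
    _ev(STEALER, WOW64 + r"\Notepad++", "0x1"),
    _ev(r"C:\Windows\System32\msiexec.exe", NATIVE + r"\{A}", "0x1"),  # allowed
    _ev(r"C:\Windows\System32\msiexec.exe", NATIVE + r"\{B}", "0x1"),
    _ev(r"C:\Windows\System32\msiexec.exe", NATIVE + r"\{C}", "0x1"),
    _ev(r"C:\Windows\explorer.exe", NATIVE + r"\7-Zip", "0x2"),  # 0x2 = set value, not a read
    _ev(STEALER, r"C:\Users\victim\Documents\wallet.dat", "0x1", obj_type="File"),
]

if __name__ == "__main__":
    for proc, count in find_inventory_enumeration(SAMPLE_EVENTS).items():
        print(f"{proc}: read {count} Uninstall entries")
```

Feed real 4663 records by mapping your SIEM's field names onto EventID, ObjectType, ObjectName, ProcessName and AccessMask; the distinct-key threshold, not the single read, is what separates a software inventory walk from ordinary installer activity.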