General
-
Target
d4a536b1a53362afc623e4d50cbfc84093d686bff8d3987ea43c0c78df7d88a9
-
Size
240KB
-
Sample
210926-zttkpsfda6
-
MD5
41cbd155d79066f2e44a66256446e67b
-
SHA1
c8612d119c511fdf54e91b8d0de9a06e2914ad04
-
SHA256
d4a536b1a53362afc623e4d50cbfc84093d686bff8d3987ea43c0c78df7d88a9
-
SHA512
a9f79b1398e63d22a99762b32a682938444772639f9a68dda68abfab338f42ae50bdceeeebae3e8d984573c006abb2b5be962583d062f72696f1c3a6bc422b79
Static task
static1
Malware Config
Extracted
redline
UDP
45.9.20.20:13441
Targets
-
-
Target
d4a536b1a53362afc623e4d50cbfc84093d686bff8d3987ea43c0c78df7d88a9
-
Size
240KB
-
MD5
41cbd155d79066f2e44a66256446e67b
-
SHA1
c8612d119c511fdf54e91b8d0de9a06e2914ad04
-
SHA256
d4a536b1a53362afc623e4d50cbfc84093d686bff8d3987ea43c0c78df7d88a9
-
SHA512
a9f79b1398e63d22a99762b32a682938444772639f9a68dda68abfab338f42ae50bdceeeebae3e8d984573c006abb2b5be962583d062f72696f1c3a6bc422b79
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-