General
Target: 9ac1e30123242f951507b5e76fcd21693fdf5cc3bad8acbc7c99d2fb3ff9c22d
Size: 387KB
Sample: 211015-rv76gsbag3
MD5: 8bc8fafdc59a16368c086fe42dd5fe32
SHA1: 2452b9925908520aacfc74d5761a9ef652d7d49f
SHA256: 9ac1e30123242f951507b5e76fcd21693fdf5cc3bad8acbc7c99d2fb3ff9c22d
SHA512: bb3d321e1bcd48084b4c7f17ccc8ee5313790bd093092adc067a9ccb70728ce33666604a4c72f3abe35ffd1910201970a61598feb825240f4d6de5a650deb1ce

Static task: static1

Malware Config
Extracted:
Family: redline
Botnet: paladin
C2: 37.228.129.48:29795

Targets
Target: 9ac1e30123242f951507b5e76fcd21693fdf5cc3bad8acbc7c99d2fb3ff9c22d
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures:
RedLine Payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.